Contagion risks and security investment in directed networks

Abstract

We develop a model for contagion risks and optimal security investment in a directed network of interconnected agents with heterogeneous degrees, loss functions, and security profiles. Our model generalizes several contagion models in the literature, particularly the independent cascade model and the linear threshold model. We state various limit theorems on the final size of infected agents in the case of random networks with given vertex degrees for finite and infinite-variance degree distributions. The results allow us to derive a resilience condition for the network in response to the infection of a large group of agents and quantify how contagion amplifies small shocks to the network. We show that when the degree distribution has infinite variance and highly correlated in- and out-degrees, even when agents have high thresholds, a sub-linear fraction of initially infected agents is enough to trigger the infection of a positive fraction of nodes. We also demonstrate how these results are sensitive to vertex and edge percolation (intervention). We then study the asymptotic Nash equilibrium and socially optimal security investment. In the asymptotic limit, agents’ risk depends on all other agents’ investments through an aggregate quantity that we call network vulnerability. The limit theorems enable us to capture the impact of one class of agents’ decisions on the overall network vulnerability. Based on our results, the vulnerability is semi-analytic, allowing for a tractable Nash equilibrium. We provide sufficient conditions for investment in equilibrium to be monotone in network vulnerability. When investment is monotone, we demonstrate that the (asymptotic) Nash equilibrium is unique. In the specific example of two types of core-periphery agents, we illustrate the strong effect of cost heterogeneity on network vulnerability and the non-monotonous investment as a function of costs.

Introduction

Internet security is one of the major sources of concern in today’s interconnected world. Fraud, cyber-attacks, and the influence of malicious software (or malware) on the World Wide Web and its plethora of overlying and underlying networks create significant economic, social, and political damages. In finance, security investment can be seen as a financial institution’s decision to hold higher capital. Higher capital comes, of course, at a cost but has a benefit on the entire financial system because losses are absorbed. Otherwise, a firm’s failure can translate into bankruptcy costs, and losses are imposed on other firms. As the financial crisis has highlighted, systemic risk is one of the most important risks in financial systems, with potential spillovers to the real economy. Investment in capital and liquidity has been mandated in various forms by financial regulators in the aftermath of the crisis.

Security investment is by no means specific to communication networks or to economic, information, or financial exchanges. In the current Covid-19 health emergency, the self-isolation decision played an important role in network vulnerability. Mitigating epidemic spreading and COVID-19 [1, 12, 26] can be seen as a variant of security investment when security investment is replaced by self-isolation decisions. However, the epidemic models in such applications are more realistically based on the Susceptible-Infected-Recovered (SIR) model for non-directed graphs.

In this paper, we propose a general framework in which a directed network of interconnected agents is subject to contagion risks and potential loss. We study the asymptotic Nash equilibrium and socially optimal security investments in a random directed network with fixed degrees. The structure of the networks plays an important role in the resilience of the network and impacts the decisions of different network players. We demonstrate how an agent’s decision on their security level might depend on the decisions of other agents in the network. In particular, agents who decide not to invest in self-protection also put other network participants at contagion risk.

The independent threshold model with security profiles that we introduce generalizes several contagion models in the literature, particularly the independent cascade model and the linear threshold model. We state several limit theorems on the final size of infected agents in the case of random networks with fixed degrees, for finite and infinite variance degree distributions. The results allow us to derive resilience conditions for the network in response to small initial shocks.

We characterize the asymptotic Nash equilibrium and socially optimal security investment. In the asymptotic limit, agents’ risk depends on all other agents’ investments through an aggregate quantity, which we call network vulnerability, and which captures how risky an unknown counterparty is. Based on our results, the vulnerability is semi-analytic, allowing for a tractable Nash equilibrium.

We provide sufficient conditions for investment in equilibrium to be monotone in network vulnerability. When investment is monotone, we demonstrate that the asymptotic Nash equilibrium is unique. For the case of random regular graphs and core-periphery network models, the social optimum is explicit, and we theoretically guarantee that individual decisions will result in underinvestment compared to the social optimum. In the particular example of two types of agents, called core and periphery agents, we exhibit a strong effect of cost heterogeneity and, in particular, non-monotonous investment as a function of costs.

Related literature

Limiting contagion risk requires new analytical and computational tools. Extensive research in this area focuses on the spread of epidemics over different network structures. For example, see [14, 18, 21, 24, 32, 42] for SIR epidemics in random networks and [6, 37, 39, 41, 46] for threshold contagion models in random networks.

Another related strand of literature is on default cascades and systemic risk in random financial networks, see e.g., [5, 8, 11, 13, 17, 23, 25]. In particular, in [7], the authors study financial contagion on configuration model and derive a criterion for the resilience of a financial network to insolvency contagion, based on connectivity and the structure of contagious links (i.e., those exposures of a bank larger than its capital).

There is an emerging literature on the economics of (information) security and the management of systemic cyber risk, see e.g., [2, 29, 40, 48]. In [29], the authors consider a simple one-period economic model for a single agent decision characterized by two parameters: $\ell \in {\mathbb{R}}_{+}$ for the monetary loss and $v\in [0,1]$ called vulnerability, representing the probability that without additional security investment, the agent becomes infected and the loss $\ell$ occurs. The agent can invest the amount x at time 0 to reduce the probability of infection (loss) to p(x, v). Assuming the agent is risk-neutral, her optimal security investment would be the value $x_{\ast }=x_{\ast }(v,\ell )$ minimizing

$$\begin{array}{c}\hfill x_{\ast }(v,\ell )=argmin\{x+\ell p(x,v):x\ge 0\}.\end{array}$$

Note that the fixed point solution(s) $x_{(}v,\ell )$ does not need to be non-decreasing in $(v,\ell )$. For instance, [29] consider the following example: $p(x,v)=v^{\alpha x+1}$, where $\alpha >0$ is a productivity measure parameter for information security. A sufficient condition for monotone investment is given in [38]: Assume that p(x, v) is twice continuously differentiable on ${\mathbb{R}}_{+}\times [0,1]$, non-increasing in x and $\frac{{\partial }^{2}p}{\partial x\partial v}(x,v)\le 0,$ then the function $(v,\ell )\to x_{\ast }(v,\ell )$ is non-decreasing in $(v,\ell )$. In this case, the security investment decision is simpler since there is an augmenting return on investment with vulnerability.

We extend the existing literature in several ways: we generalize the contagion model, allow for network heterogeneity and multiple security levels, and treat the directed network case. When investment is monotone, we show that the Nash equilibrium is unique. In the case of two types of core-periphery agents, we exhibit the strong effect of cost heterogeneity on network vulnerability and the non-monotonic investment as a function of costs.

Outline The paper is structured as follows. Section 2 provides two motivating examples for the optimal security investment game. In Sect. 3, we present our general framework for the study of contagion risks in random networks. We also state our main results on the asymptotic magnitude of contagion and resilience of large networks to small initial shocks in Sect. 3. In Sect. 4, we consider the network security game and provide a sufficient condition for the uniqueness of the equilibrium. In Sect. 5, we give a more detailed analysis of the particular case when there are two security classes, and investment in security provides strong protection. For the case of random regular graphs and core-periphery network modes, the social optimum is explicit, and we theoretically guarantee that the individual decision will be to underinvest compared to the social optimum. Section 6 concludes, and Appendix A contains all the proofs.

Notations We let $\mathbb{N}$ be the set of non-negative integers. For non-negative sequences $x_n$ and $y_n$, we write $x_n=O(y_n)$ if there exist $N\in \mathbb{N}$ and $c>0$ such that $x_n\le c{y}_n$ for all $n\ge N$, and $x_n=o(y_n)$ (or $x_n\ll y_n$), if $x_n/y_n\to 0$, as $n\to \infty$. Let ${\{X_n\}}_{n\in \mathbb{N}}$ be a sequence of real-valued random variables on a probability space $(\mathrm{\Omega },\mathbb{P})$. If $c\in \mathbb{R}$ is a constant, we write $X_n\stackrel{p}{⟶}c$ to denote that $X_n$ converges in probability to c. That is, for any $ϵ>0$, we have $\mathbb{P}(|X_n-c|>ϵ)\to 0$ as $n\to \infty$. Let ${\{a_n\}}_{n\in \mathbb{N}}$ be a sequence of real numbers that tends to infinity as $n\to \infty$. We write $X_n=o_p(a_n)$, if $|X_n|/a_n$ converges to 0 in probability. Additionally, we write $X_n=O_p(a_n)$, to denote that for any positive sequence $\omega (n)\to \infty$, we have $\mathbb{P}(|X_n|/a_n\ge \omega (n))=o(1)$. If ${\mathcal{E}}_n$ is a measurable subset of $\mathrm{\Omega }$, for any $n\in \mathbb{N}$, we say that the sequence ${\{{\mathcal{E}}_n\}}_{n\in \mathbb{N}}$ occurs with high probability (w.h.p.) if $\mathbb{P}({\mathcal{E}}_n)=1-o(1)$, as $n\to \infty$. Also, we denote by $\mathsf{Bin}(k,p)$ a binomial distribution corresponding to the number of successes of a sequence of k independent Bernoulli trials each having probability of success p. We will suppress the dependence of parameters on the size of the network n, if it is clear from the context.

Preliminaries

To illustrate the basic intuition in a simpler framework, this section provides two motivating examples for the network security game. First, the case of two agents is considered, followed by a simplified contagion process in the form of a contact process on infinite regular trees.

Optimal security investment for two agents

We first look at the optimal security investment game in the case of two agents $\mathcal{A}=\{1,2\}$ sharing two links ($1\to 2$ and $2\to 1$). Assume that each agent has two security choices $\mathcal{S}=\{0,1\}$: $s_i=1$ if the agent i invests in strong security (in this case, she never gets infected) and $s_i=0$ if the agent i does not invest in security and is subject to epidemic risk.

Table 1 summarizes the expected costs to the agents for the four possible outcomes: ${\ell }_i$ is the loss in case agent i becomes infected, and $C=C_1$ is the cost of investing in security (level 1). If agent i does not invest in security, there is a probability ${\alpha }_i$ that they become infected directly. On the other hand, ${\beta }_i$ denotes the probability of indirect contagion from the other agent. Let us make the example even simpler and assume that only direct loss can be avoided by investing in security.

Table 1.

Expected costs associated with investing and not investing in security

	Agent 2
	0	1
Agent 1
0	$({\alpha }_1+(1-{\alpha }_1){\alpha }_2{\beta }_1){\ell }_1,({\alpha }_2+(1-{\alpha }_2){\alpha }_1{\beta }_2){\ell }_2$	$({\alpha }_1{\ell }_1,C+{\alpha }_1{\beta }_2{\ell }_2)$
1	$(C+{\alpha }_2{\beta }_1{\ell }_1,{\alpha }_2{\ell }_2)$	(C, C)

We observe that investing in security is a dominant strategy for agent 1 if $C<{\alpha }_1{\ell }_1$ and

$$\begin{array}{c}\hfill C+{\alpha }_2{\beta }_1{\ell }_1<({\alpha }_1+(1-{\alpha }_1){\alpha }_2{\beta }_1){\ell }_1⟹C<{\alpha }_1(1-{\alpha }_2{\beta }_1){\ell }_1.\end{array}$$

Similarly, investing in security is a dominant strategy for agent 2 if $C<{\alpha }_2{\ell }_2$ and

$$\begin{array}{c}\hfill C+{\alpha }_1{\beta }_2{\ell }_2<({\alpha }_2+(1-{\alpha }_2){\alpha }_1{\beta }_2){\ell }_2⟹C<{\alpha }_2(1-{\alpha }_1{\beta }_2){\ell }_2.\end{array}$$

We conclude that if

$$\begin{array}{c}\hfill C<min\left\{{\alpha }_1,(1-{\alpha }_2{\beta }_1),{\ell }_1,,,{\alpha }_2,(1-{\alpha }_1{\beta }_2),{\ell }_2\right\},\end{array}$$

then both agents will invest in self-protection, while if

$$\begin{array}{c}\hfill C>max\left\{{\alpha }_1,{\ell }_1,,,{\alpha }_2,{\ell }_2\right\},\end{array}$$

then neither agent will want to invest in self-protection. In the case

$$\begin{array}{c}\hfill max\left\{{\alpha }_1,(1-{\alpha }_2{\beta }_1),{\ell }_1,,,{\alpha }_2,(1-{\alpha }_1{\beta }_2),{\ell }_2\right\}<C<min\{{\alpha }_1{\ell }_1,{\alpha }_2{\ell }_2\},\end{array}$$

there are two Nash equilibria, (0,0) and (1,1), and the solution to this game is indeterminate. In other cases, the agent with higher loss will invest in security, while the agent with lower loss will prefer not to invest.

Contact process on infinite regular trees

We now consider a set of infinitely many agents placed over an infinite directed regular tree with the same in-degree (denoted by $d^{+}$) and out-degree (denoted by $d^{-}$) satisfying $d^{+}=d^{-}=d$. Let $\mathcal{S}=\{0,1,\cdots ,K\}$ be a finite ensemble of all possible security strategies for each agent, and, ${\beta }_0>{\beta }_1>\cdots >{\beta }_K$ be the infection probabilities over each directed edge depending on the security investment of the host agent. Further, let ${\alpha }_0\ge {\alpha }_1\ge \cdots \ge {\alpha }_K$ denote the initial exogenous infection probabilities.

Let ${\gamma }_0,{\gamma }_1,\cdots ,{\gamma }_K\in [0,1]$ with ${\gamma }_0+{\gamma }_1+\cdots +{\gamma }_K=1$ be the fraction (probability) of agents invested in each security class. A simple argument shows that

$$\begin{array}{c}\hfill g_s(x):=1-(1-{\alpha }_s){\left(1,-,{\beta }_s,x\right)}^d\end{array}$$

is the probability that an agent invested in security class $s\in \mathcal{S}$ ever gets infected assuming each of its incoming neighbors are infected with probability x.

Assume that each agent i faces a fixed potential loss ${\ell }_i$ in case they become infected. Investing in a higher security class decreases the infection probability but increases the cost. Let $C_s$ denote the cost of investing in security level s. So we can write the loss function for agent i investing in security class $s\in \mathcal{S}$ as

$$\begin{array}{c}\hfill J_i(s,\gamma )={\ell }_i{g}_s(x_{\ast }^{\gamma })+C_s,\end{array}$$

where (by a simple recursive argument) $x_{\ast }^{\gamma }$ is the solution in [0,1] to the fixed point equation

$$\begin{array}{c}\hfill x={\mathrm{\Phi }}^{\gamma }(x):=\sum _{s\in \mathcal{S}}{\gamma }_s{g}_s(x).\end{array}$$

Note that ${\mathrm{\Phi }}^{\gamma }(0)\ge 0,{\mathrm{\Phi }}^{\gamma }(1)\le 1$ and ${\mathrm{\Phi }}^{\gamma }(x)$ is a strictly increasing function of x. Hence, in this case the fixed point solution is unique.

We call $x_{\ast }^{\gamma }$ the global network vulnerability parameter as it represents the fraction of infected links in the network. Obviously, this parameter also depends on the agents security strategies through ${\gamma }_0,{\gamma }_1,\cdots ,{\gamma }_K$. In order to find out these quantities in equilibrium, let us denote by ${\delta }_s(x)$ the infection probability variation between security level s and $s-1$, i.e.,

$$\begin{array}{c}\hfill {\delta }_s(x):=g_{s-1}(x)-g_s(x)=(1-{\alpha }_s){\left(1,-,{\beta }_s,x\right)}^d-(1-{\alpha }_{s-1}){\left(1,-,{\beta }_{s-1},x\right)}^d>0,\end{array}$$

so that each agent i prefers security class s over $s-1$ if and only if

$$\begin{array}{c}\hfill {\ell }_i>{\ell }_s(x):=\frac{C_s-C_{s-1}}{{\delta }_s(x)}.\end{array}$$

As we will see later in Sect. 4, we will assume that the cost function is such that

$$\begin{array}{c}\hfill {\ell }_1(x)\le {\ell }_2(x)\le \cdots \le {\ell }_K(x),\end{array}$$

for all $x\in [0,1]$. Indeed, if ${\ell }_{s+1}(x)<{\ell }_s(x)$, the agent who believes in vulnerability x will never invest in security class s for any loss $\ell$: If $\ell <{\ell }_s(x)$, the agent prefers $s-1$ over s, and if $\ell \ge {\ell }_s(x)>{\ell }_{s+1}(x)$, the agent prefers security $s+1$ over s. In particular, the condition will be satisfied if $g_s(x)$ and $C_s$ are both (discrete) convex functions of s:

$$\begin{array}{c}\hfill C_{s+1}+C_{s-1}\ge 2C_s,\text{and}{g}_{s+1}(x)+g_{s-1}(x)\ge 2g_s(x),\end{array}$$

since in this case ${\delta }_s(x)=g_{s-1}(x)-g_s(x)$ will be a decreasing function of s.

Consider now a strictly increasing continuous loss distribution function F. Consequently, it yields that the fraction ${\gamma }_e^{(s)}$ of agents investing in security s in equilibrium satisfies

$$\begin{array}{c}\hfill {\gamma }_e^{(s)}=F({\ell }_{s+1}(x_{\ast }^{{\gamma }_e}))-F({\ell }_s(x_{\ast }^{{\gamma }_e})),\end{array}$$

where $x_{\ast }^{{\gamma }_e}$ is the unique solution to the fixed point equation $x={\mathrm{\Phi }}^{{\gamma }_e}(x)$:

$$\begin{array}{c}\hfill x=\sum _{s\in \mathcal{S}}{\gamma }_e^{(s)}{g}_s(x),\end{array}$$

and, we set ${\ell }_{K+1}(x)=\infty ,F({\ell }_{K+1}(x))=1$ and $F({\ell }_0(x))=0$. We will come back to this example later in Sect. 5.2 and investigate how the social optimum security strategies differ from the individual decisions.

Independent threshold model with security profiles

In this section, we provide our general framework for the study of contagion risks in random networks and state our main results on the asymptotic magnitude of contagion. We will also provide a resilience condition for the large network to small initial shocks and show how the bailout and intervention by a planner (government) could change the results and make the network more resilient. These results are prerequisites for the analysis of the security game in the next section.

Contagion risk model

Consider a directed graph $G=(V,E)$ where $V=[n]:=\{1,2,\cdots ,n\}$ is the set of n vertices (agents). We study the independent threshold model with security investment, in which a vertex’s threshold is drawn independently from a distribution which depends on the vertex’s degrees and its security investment. More precisely, we consider a finite ensemble of security classes $\mathcal{S}$. We use the notations $\mathbf{s}=(s_1,s_2,\cdots ,s_n)$ and ${\mathbf{s}}_{-i}=(s_1,\cdots ,s_{i-1},s_{i+1},\cdots ,s_n)$ to denote the security profiles of all agents and all agents other than i respectively.

The contagion process under the threshold model is a diffusion process that starts with a set ${\mathcal{I}}_0^{(\mathbf{s})}\subseteq V$ consisting of initially infected vertices, while every other vertex is uninfected. For each vertex $i\in V$ with security level $s\in \mathcal{S}$, we assign a (random) threshold ${\mathrm{\Theta }}_i^{(s)}\in \mathbb{N}$ representing its capacity to resist infection from incoming neighbors. We denote by $p^{(s)}(d^{+},d^{-},\theta )$ the probability that a vertex with in-degree $d^{+}$, out-degree $d^{-}$ and investing in security class s becomes infected after (exactly) $\theta$ of its incoming neighbors are infected:

$$\begin{array}{c}\hfill p^{(s)}(d^{+},d^{-},\theta ):=\mathbb{P}({\mathrm{\Theta }}_i^{(s)}=\theta ),\end{array}$$

for agent i with degrees $(d^{+},d^{-})$ and investing in security class $s\in \mathcal{S}$.

The contagion process starts from ${\mathcal{I}}_0^{(\mathbf{s})}$ and continues progressively by rounds. In round $k\ge 1$, the contagion reaches a set

$$\begin{array}{c}\hfill {\mathcal{I}}_k^{(\mathbf{s})}:=\left\{i,\in ,V,\mid ,{\mathrm{\Theta }}_i^{(s_i)},\le ,\#,\{j\in {\mathcal{I}}_{k-1}^{(\mathbf{s})},(j,i)\in E\}\right\}.\end{array}$$

This is repeated until no more vertices become infected. Note that the set of final infected vertices depend on the security investment across all agents. The final infected set is denoted by ${\mathcal{I}}_f^{(\mathbf{s})}$. We now provide few important classes of contagion models which can be seen as a special case of our general framework.

Example 3.1

(Independent cascade models) The cascade model has been extensively used for modeling the spread of infectious diseases, computer viruses, diffusion of innovation, and marketing. For example, consider the SIR (susceptible-infected-removed) epidemic model in which sites (vertices) begin as susceptible, and after being infected, they become removed, i.e., become immune to further infection. Let ${\alpha }_s$ denote the initial infection probability, and ${\beta }_s$ denote the probability of getting infected from each incoming neighbor if the host vertex invests in security (immunization) class s. It is easy to show that the above independent cascade model corresponds to the independent threshold model by setting

$$\begin{array}{c}\hfill p^{(s)}(d^{+},d^{-},0)={\alpha }_s\text{and}{p}^{(s)}(d^{+},d^{-},\theta )=(1-{\alpha }_s){\beta }_s{(1-{\beta }_s)}^{\theta -1},\end{array}$$

for all $d^{+},d^{-}\in \mathbb{N}$ and $\theta =1,\cdots ,d^{+}$.

Example 3.2

(Bootstrap percolation model) In the case where

$$\begin{array}{c}\hfill p^{(s)}(d^{+},d^{-},0)={\alpha }_s,p^{(s)}(d^{+},d^{-},\theta )=(1-{\alpha }_s){\text{11}}_{\{\theta ={\theta }_s\}},\end{array}$$

our model is equivalent to the bootstrap percolation process for each security class s. This process (as well as numerous extensions and variations) has been used as a model to describe various complex phenomena in different areas. A short survey regarding its applications can be found in [3]. Several quantitative characteristics of bootstrap percolation, particularly the dependence of the initially infected set on the final infected set, have been studied on a variety of random graphs [6, 9, 10, 16, 33].

Example 3.3

(Linear threshold model) The linear threshold model has been extensively used in the literature, particularly to model neuronal activity [4, 22] and default contagion in financial networks [5, 7, 11, 27]. In this model, see e.g. [34], the edge weights $\left(L_{\mathit{ij}}\right)$ denote the liability (influence) that agent i has on agent j and $C_i=C_i^{(s)}$ represents the capacity (capital or threshold) for agent i to absorb the losses (influences) from incoming neighbors before becoming infected. At every time step, each agent i computes the total incoming weight from all infected neighbors, and if the sum exceeds the threshold $C_i^{(s)}$, they become infected and remain so forever. For each $i\in \mathbb{N}$, let ${\{L_{\ell ,i}\}}_{\ell =1}^{\infty }$ be a sequence of i.i.d. random variables. For a vertex i with degree $(d^{+},d^{-})$, by setting

$$\begin{array}{c}\hfill p^{(s)}(d^{+},d^{-},\theta )=\mathbb{P}({\mathrm{\Theta }}_i^{(s)}=\theta )=\mathbb{P}\left(\sum _{\ell =1}^{\theta -1},L_{\ell ,i},\le ,C_i^{(s)},<,\sum _{\ell =1}^{\theta },L_{\ell ,i}\right),\end{array}$$ 1

all our results will be applicable to the linear threshold model with i.i.d. random weights.

The directed configuration model

We represent the underlying network as a set of vertices $[n]:=\{1,2,\dots ,n\}$, endowed with a sequence of in-degrees ${\mathbf{d}}^{+}:={\{d_i^{+}\}}_{i\in [n]}$ and a sequence of out-degrees ${\mathbf{d}}^{-}:={\{d_i^{-}\}}_{i\in [n]}$. Naturally, the degrees should satisfy the condition that ${\sum }_{i=1}^n{d}_i^{+}={\sum }_{i=1}^n{d}_i^{-},$ in order for a graph with in- and out-degree sequence $({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ to exist. A vertex $i\in [n]$, with degree $(d_i^{+},d_i^{-})$ is assigned $d_i^{+}$ in-coming half edges and $d_i^{-}$ out-going half edges, and the condition above ensures that in total there are as many in-coming half edges as there are out-going half edges. The configuration model with given directed degree sequence $({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ is defined as the multigraph resulting from the uniform random matching of the in-coming half edges and the out-going half edges [19, 43]. This graph is denoted by $\mathcal{G}=\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and we write $(i,j)\in \mathcal{G}$ for the event that there is a directed link from i to j. Although self-loops may occur, these become rare as $n\to \infty$. It is easy to see that, conditional on the multigraph being simple graph, we obtain a uniformly distributed random graph with these given degree sequences; see e.g., [43].

We now describe the regularity assumptions on vertex degrees under the security profile ${\mathbf{s}}_n=(s_1,s_2,\cdots ,s_n)$. For each $n\in \mathbb{N}$ we have a degree sequence $({\mathbf{d}}_n^{+},{\mathbf{d}}_n^{-})$ and security profile ${\mathbf{s}}_n=(s_1,s_2,\cdots ,s_n)$, but (to lighten notation) this dependency on n will not be carried in the notation. The empirical distribution of the degrees is denoted by ${\mu }_n$ which is given by

$$\begin{array}{c}\hfill {\mu }_n^{(s)}(d^{+},d^{-}):=\frac{1}{n}\sum _{i=1}^n{\text{11}}_{\{d_i^{+}=d^{+},d_i^{-}=d^{-},s_i=s\}}.\end{array}$$ 2

We assume that the sequence $({\mathbf{d}}^{+},{\mathbf{d}}^{-},\mathbf{s})$ satisfies the following regularity conditions:

Condition 3.4

(Degree regularity conditions) We say that the sequence $({\mathbf{d}}^{+},{\mathbf{d}}^{-},\mathbf{s})$ satisfies the regularity conditions if for some probability distribution $\mu :{\mathbb{N}}^2\times \mathcal{S}\to [0,1]$, independent of n, the following holds:

($C_1$)

for every $d^{+},d^{-}\in \mathbb{N}$ and $s\in \mathcal{S}$, as $n\to \infty$

$$\begin{array}{c}\hfill {\mu }_n^{(s)}(d^{+},d^{-})\to {\mu }^{(s)}(d^{+},d^{-});\end{array}$$

($C_2$)

The average degree $\lambda :={\sum }_{j=0}^{\infty }{\sum }_{k=0}^{\infty }{\sum }_{s\in \mathcal{S}}j{\mu }^{(s)}(j,k)\in (0,\infty )$ and as $n\to \infty$

$$\begin{array}{c}\hfill \sum _{j=0}^{\infty }\sum _{k=0}^{\infty }\sum _{s\in \mathcal{S}}j{\mu }_n^{(s)}(j,k)\to \lambda .\end{array}$$

We end this section by the following remark:

Remark 3.5

We state our results for the random multigraph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ constructed by configuration model. However, they could be transferred by conditioning on the multigraph being a simple graph (without loop and multiples edges). The resulting random graph, denoted by ${\mathcal{G}}^{\ast }({\mathbf{d}}^{+},{\mathbf{d}}^{-})$, will be uniformly distributed among all directed graphs with the same degrees sequence. In order to transfer the results, we would need to assume that the degree distribution has a finite second moment, i.e.

$$\begin{array}{c}\hfill \sum _{j=0}^{\infty }\sum _{k=0}^{\infty }\sum _{s\in \mathcal{S}}{(j+k)}^2{\mu }^{(s)}(j,k)\in (0,\infty ),\end{array}$$

which from [30] implies that the probability that $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ is simple being bounded away from zero as $n\to \infty$. However, as stated also in [32], we suspect that all results hold even without the second moment assumption for simple random graph ${\mathcal{G}}^{\ast }({\mathbf{d}}^{+},{\mathbf{d}}^{-})$. In [20], the authors have recently shown results for the size of the giant component from the multigraph case without using the second moment assumption; they prove that even with the (exponentially) small probability that the multigraph is simple, the error probabilities are even smaller.

Limit theorems and the resilience conditions

We let $p^{(s)}(d^{+},d^{-},0)$ the probability that agent $i\in [n]$ with degree $(d^{+},d^{-})$ and investing in security $s\in \mathcal{S}$ is initially infected:

$$\begin{array}{c}\hfill p^{(s)}(d^{+},d^{-},0)=\mathbb{P}(i\in {\mathcal{I}}_0^{(\mathbf{s})}\mid s_i=s,d_i^{+}=d^{+},d_i^{-}=d^{-}).\end{array}$$

Let us denote by ${\mathcal{I}}_f^{(s)}(d^{+},d^{-})$ the set of finally infected agents with degrees $(d^{+},d^{-})$ and security level $s\in \mathcal{S}$.

We define the function ${\mathrm{\Phi }}^{(\mathbf{s})}:[0,1]\to [0,1]$ as

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{(\mathbf{s})}(x)& :=\sum _{j=0}^{\infty }\sum _{k=0}^{\infty }\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ),\hfill \end{array}$$ 3

and let $x_{\ast }^{(\mathbf{s})}$ be the smallest fixed point of ${\mathrm{\Phi }}^{(\mathbf{s})}$ in [0, 1]. Note that ${\mathrm{\Phi }}^{(\mathbf{s})}$ admits at least one fixed point since it is a continuous increasing function, ${\mathrm{\Phi }}^{(\mathbf{s})}(1)\le 1$ and ${\mathrm{\Phi }}^{(\mathbf{s})}(0)\ge 0$.

We can interpret $x_{\ast }^{(\mathbf{s})}$ as the probability that an incoming neighbor of a randomly chosen agent gets infected during the contagion process. The intuition behind Eq. (3) is the as follows: The incoming neighbor of a randomly chosen agent has in-degree j, out-degree k, and security s with the size-biased distribution $\frac{k{\mu }^{(s)}(j,k)}{\lambda }$. Moreover, they will have threshold $\theta$ with probability $p^{(s)}(j,k,\theta )$ and they will get infected if at least $\theta$ of their incoming neighbors are infected (each independently with probability $x_{\ast }^{(\mathbf{s})}$).

Our first theorem concerns the limit theorem for the final number of infected agents when the number of initially infected agents is macroscopic:

Theorem 3.6

Consider a sequence of random graphs $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and security profiles $\mathbf{s}$ satisfying Condition 3.4 and let $x_{\ast }^{(\mathbf{s})}$ be the smallest fixed point of ${\mathrm{\Phi }}^{(\mathbf{s})}$ in [0, 1]. We have for all $ϵ>0$ w.h.p.

$$\begin{array}{cc}\hfill \frac{|{\mathcal{I}}_f^{(\mathbf{s})}|}{n}\ge & \sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x_{\ast }^{(\mathbf{s})})\ge \theta )-ϵ.\hfill \end{array}$$

Moreover,

• if $x_{\ast }^{(\mathbf{s})}=1$ then w.h.p. almost all vertices become infected: $|{\mathcal{I}}_f|=n-o_p(n);$

• if $x_{\ast }^{(\mathbf{s})}<1$ and furthermore $x_{\ast }^{(\mathbf{s})}$ is a stable fixed point of ${\mathrm{\Phi }}^{(\mathbf{s})}$ (i.e., ${\mathrm{\Phi }}^{(\mathbf{s})}(x)<x$ for $x\in (x_{\ast }^{(\mathbf{s})},x_{\ast }^{(\mathbf{s})}+ϵ)$ and $ϵ>0$ small enough), then

  $$\begin{array}{cc}\hfill \frac{|{\mathcal{I}}_f^{(\mathbf{s})}|}{n}\stackrel{p}{⟶}\psi (x_{\ast }^{(\mathbf{s})})& :=\sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x_{\ast }^{(\mathbf{s})})\ge \theta ),\hfill \end{array}$$

  and,

  $$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(s)}(d^{+},d^{-})|}{n{\mu }_n^{(s)}(d^{+},d^{-})}\stackrel{p}{⟶}{\psi }^{(s)}(d^{+},d^{-},x_{\ast }^{(\mathbf{s})}):=\sum _{\theta =0}^j{p}^{(s)}(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x_{\ast }^{(\mathbf{s})})\ge \theta ).\end{array}$$

The theorem extends the result in [7] by allowing for different agent types (securities) distributions. The proof of the theorem is provided in Appendix A.3.

Our next theorem concerns the case with few initially infective agents, i.e. $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$. As a corollary of Theorem 3.6, we have:

Theorem 3.7

Consider a random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and a security profile $\mathbf{s}$ satisfying Condition 3.4. If there exists $x_0>0$ such that for all $0<x<x_0$,

$$\begin{array}{c}\hfill x>\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k)}{\lambda }\sum _{\theta =1}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ),\end{array}$$

and we initially infect randomly $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$ vertices in [n], then $|{\mathcal{I}}_f^{(\mathbf{s})}|=o_p(n)$.

Further, as a corollary of the above theorem, we have the following result, which generalizes the resilience condition of [7] by allowing for different agent types.

Let us define

$$\begin{array}{c}\hfill {\mathcal{R}}_0^{(\mathbf{s})}:=\frac{1}{\lambda }\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)p^{(s)}(j,k,1).\end{array}$$ 4

We denote by ${\mathcal{S}}_1$ to be the largest strongly connected component of the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ on which we apply the site percolation process by removing all vertices with threshold ${\mathrm{\Theta }}_i\ge 2$. Let ${\mathcal{I}}_f^{(\mathbf{s})}(i)$ denote the final infected set when the epidemic is initiated from vertex $i\in [n]$, under the security profile $\mathbf{s}$.

Theorem 3.8

Consider a random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and a security profile $\mathbf{s}$ satisfying Condition 3.4.

• If ${\mathcal{R}}_0^{(\mathbf{s})}<1$,

  $$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)<\infty \end{array}$$

  and we initially infect randomly $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$ vertices in [n], then $|{\mathcal{I}}_f^{(\mathbf{s})}|=o_p(n)$.
• If ${\mathcal{R}}_0^{(\mathbf{s})}>1$ then w.h.p. for any $i\in {\mathcal{S}}_1$,

  $$\begin{array}{c}\hfill \underset{n}{lim\; inf}\frac{|{\mathcal{I}}_f^{(\mathbf{s})}(i)|}{n}\ge \underset{n}{lim\; inf}\frac{|{\mathcal{S}}_1|}{n}>0.\end{array}$$

The proof of the theorem is provided in Appendix A.6. It is worth noting that the above resilience condition requires ${\sum }_{j,k}{\sum }_{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)<\infty$. In [7], this is implied by the condition of finite second-order moment for the degree distribution. Thus, under the resilience condition and assuming that ${\sum }_{j,k}jk\mu (j,k)<\infty$, the infection amplification is finite. However, if

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)=\infty ,\end{array}$$

which is the case for many real-world networks, a small fraction of initially infected agents can still trigger a large cascade under certain conditions. This is the object of a new result in this paper, which we state below.

Consider the case when ${\sum }_{j,k}{\sum }_{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)=\infty$. Suppose that there is a positive fraction of vertices with a finite threshold and at the same time with a large number of in- and out-degrees. These vertices will amplify the initial infections: their large number of incoming links will likely be connected to multiple initially infected vertices, and thus these vertices will reach their infection threshold. Moreover, these vertices have a large out-degree, and thus they will increase the rate of the epidemic’s spread. The following theorem is another corollary of Theorem 3.6.

Theorem 3.9

Consider a random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and a security profile $\mathbf{s}$ satisfying Condition 3.4. Assume that a small fraction $ϵ>0$ of all vertices represent the initial seed, i.e.,

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k)p^{(s)}(j,k,0)=ϵ.\end{array}$$

If there exists $x_0>0$ such that for all $0<x<x_0$,

$$\begin{array}{c}\hfill x<\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k)}{\lambda }\sum _{\theta =1}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ),\end{array}$$

then with high probability (for all $ϵ>0$)

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(s)}|}{n}>\psi (x_0)>0.\end{array}$$

The following corollary shows a discontinuity at 0 for the final size of the infected agents when the degree distribution is heavy-tailed, such as in scale-free networks.

Corollary 3.10

Assume that for some $K\in \mathbb{N},c\in {\mathbb{R}}^{+}$ and $\chi \in (2,3)$:

$$\begin{array}{c}\hfill \sum _{k\in \mathbb{N}}\sum _{s\in \mathcal{S}}\sum _{\theta =1}^{K}k{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\ge c{j}^{-\chi +1}\end{array}$$

for all $j\in \mathbb{N}$. Consider a small fraction $ϵ>0$ of all vertices represent the initial seed, i.e.,

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k)p^{(s)}(j,k,0)=ϵ.\end{array}$$

Then there exists $\widehat{x}>0$ the smallest positive solution of

$$\begin{array}{c}\hfill x=\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta \ge 1}\frac{k{\mu }^{(s)}(j,k)}{\lambda }p(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta )\end{array}$$ 5

such that for all $ϵ>0$, with high probability

$$\begin{array}{c}\hfill 0<\psi (\widehat{x})<\frac{|{\mathcal{I}}_f^{(s)}|}{n}<\psi (\widehat{x})+2ϵ.\end{array}$$

The proof of above corollary is provided in Appendix A.4. This shows that the final size of the cascade has a jump discontinuity at 0 when the degree distribution is heavy-tailed and the condition

$$\begin{array}{c}\hfill \sum _{k\in \mathbb{N}}\sum _{s\in \mathcal{S}}\sum _{\theta =1}^{K}k{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\ge c{j}^{-\chi +1}\end{array}$$

holds for all $j\in \mathbb{N}$. In particular, this condition implies that (since $\chi \in (2,3)$),

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)\ge c\sum _j{j}^{-\chi +2}=\infty .\end{array}$$

The interest of this result lies in the case $K>1$, since when $K=1$, we already know from Theorem 3.8 that with this condition ${\mathcal{R}}_0^{(\mathbf{s})}>1$, and the network is not resilient. Note that in the fixed-point equation (5), the threshold runs over $\theta \ge 1$, contrary to the fixed point of the function ${\mathrm{\Phi }}^{(\mathbf{s})}$ in Theorem 3.6. Corollary 3.10 states that as the fraction of vertices with $\theta =0$ tends to zero, the number of vertices that become infected (which have a threshold $\theta >0$) represents a positive fraction of the system. We also give a precise value for this final fraction of infected vertices.

Targeting interventions

In this section, we consider a social planner (lender of last resort or government) who seeks to intervene and make the network (which is initially subject to an exogenous shock) resilient, by targeting the most central players. Note that the interventions are based on the partial information of the network (based on the degrees and security class of each agent). The complete information setup has been studied in various papers, see e.g.,  [15, 28, 34–36].

We assume that the planner’s intervention could be either saving (vulnerable) links in the network or saving (defaulting/infected) agents based on their degrees and security classes. We denote by $(1-{\pi }_e)\in [0,1]$ the fraction of links saved by the planner, i.e., ${\pi }_e$ denotes the fraction of remaining links in the network. Further, for a given function ${\pi }_v:{\mathbb{N}}^2\times \mathcal{S}\to [0,1]$, we denote by $(1-{\pi }_v^{(s)}(d^{+},d^{-}))$ the fraction of agents with degree $(d^{+},d^{-})$ and invested in security class $s\in \mathcal{S}$ saved (bailed out) by the planner.

The above intervention model is equivalent to considering contagion in the percolated random graph, where we first generate the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ using the configuration model and then randomly delete either vertices or edges based on the given intervention policy (since saved links and agents will not play any role in the contagion process). We denote this percolated random graph by ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$. Specifically, each edge of $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ is deleted with probability $1-{\pi }_e$ and each agent with degree $(d^{+},d^{-})$ and invested in security s is removed from the network with probability $1-{\pi }_v^{(s)}(j,k)$. Consider now the independent threshold model on the percolated random graph ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$.

Theorem 3.11

Consider ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and suppose that Condition 3.4 holds. Let $x_{\ast }^{(\mathbf{s})}$ be the smallest fixed point in [0,1] of

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_{{\pi }_v,{\pi }_e}^{(\mathbf{s})}(x)& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x{\pi }_e)\ge \theta ).\hfill \end{array}$$

If $x_{\ast }^{(\mathbf{s})}<1$ and furthermore $x_{\ast }^{(\mathbf{s})}$ is a stable fixed point of ${\mathrm{\Phi }}_{{\pi }_v,{\pi }_e}^{(\mathbf{s})}$, then

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(\mathbf{s})}|}{n}\stackrel{p}{⟶}\sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x_{\ast }^{(\mathbf{s})}{\pi }_e)\ge \theta ),\end{array}$$

and,

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(s)}(d^{+},d^{-})|}{n{\mu }_n^{(s)}(d^{+},d^{-}){\pi }_v^{(s)}(d^{+},d^{-})}\stackrel{p}{⟶}\sum _{\theta =0}^j{p}^{(s)}(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x_{\ast }^{(\mathbf{s})}{\pi }_e)\ge \theta ).\end{array}$$

The proof of theorem is provided in Appendix A.5

We now investigate how the interventions could make the network resilient. Let us denote by ${\tilde{\mathcal{S}}}_1$ the largest strongly connected component of the percolated random graph ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ (network after interventions) on which we apply (another) site percolation by removing all vertices with threshold ${\mathrm{\Theta }}_i\ge 2$.

Theorem 3.12

Consider ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and suppose that Condition 3.4 holds. We have:

• (i)
  If ${\sum }_{j,k,s}jk{\mu }^{(s)}(j,k)<\infty$ and

  $$\begin{array}{c}\hfill {\pi }_e<{\pi }_e^{\ast }:=\frac{\lambda }{{\sum }_{j,k,s}jk{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)p^{(s)}(j,k,1)},\end{array}$$

  then the network is resilient, i.e., if we we start by initially infecting (randomly) $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$ vertices in [n], then $|{\mathcal{I}}_f^{(\mathbf{s})}|=o_p(n)$.
• (ii)
  If ${\pi }_e>{\pi }_e^{\ast }$, then w.h.p. for any $i\in {\tilde{\mathcal{S}}}_1$,

  $$\begin{array}{c}\hfill \underset{n}{lim\; inf}\frac{|{\mathcal{I}}_f^{(\mathbf{s})}(i)|}{n}\ge \underset{n}{lim\; inf}\frac{|{\tilde{\mathcal{S}}}_1|}{n}>0.\end{array}$$

The proof of theorem is provided in Appendix A.6. The theorem characterizes the critical value of the bond percolation parameter (fraction of vulnerable links saved by the planner) required to make the network resilient. Note that if ${\pi }_e^{\ast }>1$, then the network is already resilient under the site percolation (agents bailout by the planner).

Network security games

In this section, we study the network security game and provide sufficient conditions for the uniqueness of an (asymptotic) Nash equilibrium.

Remark 4.1

For the financial applications, considering the linear threshold model of Example 3.3, the threshold represents the liquidity or capital to absorb incoming losses from the defaulted neighbors (creditors). In this case, the security class could represent the quality of a firms’ assets in terms of liquidity and capital charges. A firm with more liquid assets will then have higher Tier 1 capital. In this case, instead of security classes, we can introduce different asset liquidity classes, so that agents (banks) choose optimally their asset liquidity classes. Our results could be easily transferred to this case.

Contagion risks model

We consider a network security game introduced and motivated in Sect. 2. We assume that agent i can obtain a security level $s\in \mathcal{S}:=\{0,1,\cdots ,K\}$ for a cost $C_i^{(s)}=C^{(s)}(d_i^{+},d_i^{-})$, and faces a potential loss ${\ell }_i$ in case it becomes infected. It is natural to assume that:

$(C_3)$

For all vertices the threshold is stochastically increasing with the security investment i.e., for any agent with degrees $(d^{+},d^{-})$ and for $s<s^{\prime }$ we have for all $k\in \mathbb{N}$,

$$\begin{array}{c}\hfill \sum _{\theta =0}^k{p}^{(s)}(d^{+},d^{-},\theta )>\sum _{\theta =0}^k{p}^{(s^{\prime })}(d^{+},d^{-},\theta ).\end{array}$$ 6

On the other hand, we assume that investing in a higher security class increases the cost and thus $C_i^{(s)}$ is strictly increasing in s.

The timeline is as follows: agents learn their potential loss in case they become infected. This is their private information, but the distribution of losses, denoted by F, is common knowledge. Agents then decide on their security level. They draw a threshold $\theta$ from a distribution that increases stochastically with their security investment and depends on their degree. Agents that have a threshold of zero are initially infected and trigger a cascade of infections. This is equivalent to the random attack model, in which the attacker targets and infects each agent based on their degree and security level (see, e.g., [2]).

We assume that agents are risk neutral, so in the network of size n, we can write the payoff of vertex i as

$$\begin{array}{c}\hfill J_i(\mathit{\ell },\mathbf{s})=J_i({\ell }_1,\dots ,{\ell }_n,s_1,\dots ,s_n):={\ell }_i{\mathbb{P}}_n(i\in {\mathcal{I}}_f^{(\mathbf{s})})+C_i^{(s_i)},\end{array}$$

where ${\mathbb{P}}_n(i\in {\mathcal{I}}_f^{(\mathbf{s})})$ is over the distribution of the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ of size n and random thresholds, given all vertices’ degrees, losses and investment security vector $\mathbf{s}$.

We say that a security investment across agents ${\mathbf{s}}^{\ast }=(s_1^{\ast },s_2^{\ast },\cdots ,s_n^{\ast })$ is a (pure-strategy) Nash equilibrium if

$$\begin{array}{c}\hfill s_i^{\ast }\in \underset{s\in \mathcal{S}}{argmin}{J}_i({\ell }_1,\dots ,{\ell }_n,s_1^{\ast },\dots ,s_{i-1}^{\ast },s,s_{i+1}^{\ast },\dots ,s_n^{\ast }),\end{array}$$

for all $i\in [n]$.

Similarly, a security profile ${\mathbf{s}}^{\ast }=(s_1^{\ast },s_2^{\ast },\cdots ,s_n^{\ast })$ is a social optimum if for all $\mathbf{s}\in {\mathcal{S}}^n$,

$$\begin{array}{c}\hfill \sum _{i=1}^n{J}_i(\mathit{\ell },{\mathbf{s}}^{\ast })\le \sum _{i=1}^n{J}_i(\mathit{\ell },\mathbf{s}).\end{array}$$

Conditions for monotone investment

Consider a sequence of random graphs $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and security profiles $\mathbf{s}$ satisfying Condition 3.4. According to Theorem 3.6, see also the proof in Appendix A.3, we know that $x_{\ast }^{(\mathbf{s})}$ is the ratio of infected edges among all the edges. We call this parameter the global vulnerability of the network and securities. Then, for a given random network with vulnerability x, a representative agent with degrees $(d^{+},d^{-})$ and security s will become infected and faces losses $\ell$ with (asymptotic) probability

$$\begin{array}{c}\hfill {\psi }^{(s)}(d^{+},d^{-},x):=\sum _{\theta =0}^{d^{+}}{p}^{(s)}(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x)\ge \theta ).\end{array}$$

Consequently, under the network vulnerability parameter $x\in [0,1]$, the agent’s optimal security investment shall be the value $s^{\ast }(x)$ satisfying

$$\begin{array}{c}\hfill s^{\ast }(x)\in \underset{s\in \mathcal{S}}{argmin}\left\{\ell ,{\psi }^{(s)},(d^{+},d^{-},x),+,C^{(s)},(d^{+},d^{-})\right\}.\end{array}$$

This can be interpreted as an asymptotic Nash equilibrium with respect to the representative agent’s optimal security investment when the global network vulnerability x summarizes the impact of all individuals’ optimal security strategies and degrees distribution. This is a fixed point problem that will be described in the following.

In particular, the representative agent prefers the security class s over a lower security class $s-1$ if and only if

$$\begin{array}{c}\hfill \ell \left({\psi }^{(s-1)},(d^{+},d^{-},x),-,{\psi }^{(s)},(d^{+},d^{-},x)\right)>C^{(s)}(d^{+},d^{-})-C^{(s-1)}(d^{+},d^{-}).\end{array}$$

Note also that

$$\begin{array}{cc}\hfill {\delta }_s(d^{+},d^{-},x)& :={\psi }^{(s-1)}(d^{+},d^{-},x)-{\psi }^{(s)}(d^{+},d^{-},x)\hfill \\ \hfill & =\sum _{\theta =0}^{d^{+}}\left(p^{(s-1)},(d^{+},d^{-},\theta ),-,p^{(s)},(d^{+},d^{-},\theta )\right)\mathbb{P}(\mathsf{Bin}(d^{+},x)\ge \theta )\hfill \\ \hfill & =\sum _{\theta =0}^{d^{+}}{q}_s(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x)=\theta )>0,\hfill \end{array}$$

since by Condition $(C_3)$,

$$\begin{array}{c}\hfill q_s(d^{+},d^{-},\theta ):=\sum _{j=0}^{\theta }\left(p^{(s-1)},(d^{+},d^{-},j),-,p^{(s)},(d^{+},d^{-},j)\right)>0.\end{array}$$

In order to restrict ourselves to threshold-type strategies, we need a stronger assumption. Specifically, let us define for $k=1,2,\cdots ,K$:

$$\begin{array}{c}\hfill {\ell }_s(d^{+},d^{-},x):=\frac{C^{(s)}(d^{+},d^{-})-C^{(s-1)}(d^{+},d^{-})}{{\delta }_s(d^{+},d^{-},x)},\end{array}$$ 7

so that the representative agent with degrees $(d^{+},d^{-})$ would prefer the security class s over $s-1$ if and only if $\ell >{\ell }_s(d^{+},d^{-},x).$

$(C_4)$

We assume in the following that for all $d^{+},d^{-}\in \mathbb{N}$ and $x\in [0,1]$,

$$\begin{array}{c}\hfill {\ell }_1(d^{+},d^{-},x)<{\ell }_2(d^{+},d^{-},x)<\cdots <{\ell }_K(d^{+},d^{-},x).\end{array}$$

Under this condition, the optimal agent’s security investment is threshold-type: invest in security class k if and only if $\ell \in ({\ell }_k,{\ell }_{k+1}]$ (we set ${\ell }_{K+1}=\infty$). Note that the above condition is automatically verified for the case with only two security strategies, i.e., $\mathcal{S}=\{0,1\}$.

On the other hand, we will also need to assume that such thresholds are (strictly) decreasing with the network vulnerability level x:

$(C_5)$

For all $d^{+},d^{-}\in \mathbb{N},s\in \mathcal{S}$ and $x\in [0,1]$, the threshold function ${\ell }_s(d^{+},d^{-},x)$ is a decreasing function of x.

The above monotone investment condition states that the level of loss where agents choose to invest in higher security class is lower when the network vulnerability is higher. The higher the global network vulnerability, the more agents invest in security.

Lemma 4.2

The monotone investment condition $(C_5)$ holds if and only if for all $d^{+},d^{-}\in \mathbb{N},s\in \mathcal{S}$ and $x\in [0,1]$,

$$\begin{array}{c}\hfill \sum _{\theta =1}^{d^{+}}\left(p^{(s-1)},(d^{+},d^{-},\theta ),-,p^{(s)},(d^{+},d^{-},\theta )\right)\mathbb{P}(\mathsf{Bin}(d^{+}-1,x)=\theta -1)>0.\end{array}$$

The proof of lemma is provided in Appendix A.7. Consequently, the above lemma implies that if

$$\begin{array}{c}\hfill p^{(s-1)}(d^{+},d^{-},\theta )>p^{(s)}(d^{+},d^{-},\theta )\end{array}$$

for all $\theta <d^{+}$, then the monotone investment condition will be held. In particular, when we consider the strong versus weak protection setting in Sect. 5.1, the above condition will be held since $\mathcal{S}=\{0,1\}$ and the agent investing in security will never get infected, i.e., $p^{(1)}(d^{+},d^{-},\theta )=0$. Therefore, the condition in the lemma will be satisfied.

Asymptotic Nash equilibrium analysis

We are now ready to describe the asymptotic Nash equilibrium as a fixed point problem. In the previous section we described the agents’ strategy given the global network vulnerability. Let $x_e$ denote the expected network vulnerability (expected ratio of infected links among all the links) of the random network under expected security investments across all agents.

The representative agent with degrees $(d^{+},d^{-})$ would invest in the security class $s\in \mathcal{S}$ if and only if

$$\begin{array}{c}\hfill {\ell }_s(d^{+},d^{-},x_e)<\ell \le {\ell }_{s+1}(d^{+},d^{-},x_e).\end{array}$$

Hence, the fraction of agents with degrees $(d^{+},d^{-})$ investing in security class $s=0,1,\cdots ,K$ will be (set $F({\ell }_{K+1})=1$)

$$\begin{array}{c}\hfill {\gamma }_e^{(s)}(d^{+},d^{-})=F({\ell }_{s+1}(d^{+},d^{-},x_e))-F({\ell }_s(d^{+},d^{-},x_e)),\end{array}$$

and we have

$$\begin{array}{c}\hfill {\mu }_e^{(s)}(d^{+},d^{-})=\mu (d^{+},d^{-}){\gamma }_e^{(s)}(d^{+},d^{-}).\end{array}$$

On the other hand, given the probability distributions ${\gamma }_e:{\mathbb{N}}^2\to \mathcal{P}(\mathcal{S})$, following Theorem 3.6, a vertex i with degrees $(d^{+},d^{-})$ will invest in security class $s\in \mathcal{S}$ as long as

$$\begin{array}{c}\hfill {\ell }_s(d^{+},d^{-},x_{\ast }^{{\gamma }_e})<{\ell }_i\le {\ell }_{s+1}(d^{+},d^{-},x_{\ast }^{{\gamma }_e}),\end{array}$$

where $x_{\ast }^{{\gamma }_e}$ is the smallest fixed point of

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{{\gamma }_e}(x)& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }_e^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ),\hfill \end{array}$$ 8

in [0, 1]. Hence, the actual fraction of vertices with degree $(d^{+},d^{-})$ investing in security class $s\in \mathcal{S}$ is given by

$$\begin{array}{c}\hfill {\gamma }^{(s)}(d^{+},d^{-})=F({\ell }_{s+1}(d^{+},d^{-},x_{\ast }^{{\gamma }_e}))-F({\ell }_s(d^{+},d^{-},x_{\ast }^{{\gamma }_e})).\end{array}$$ 9

Then for $s=K$, we have

$$\begin{array}{c}\hfill {\ell }_K(d^{+},d^{-},x_{\ast }^{{\gamma }_e})=F^{-1}(1-{\gamma }^{(K)}(d^{+},d^{-})),\end{array}$$

and, by backward induction, we obtain for $s=1,\cdots ,K$:

$$\begin{array}{c}\hfill {\ell }_s(d^{+},d^{-},x_{\ast }^{{\gamma }_e})=F^{-1}\left(1,-,{\gamma }^{(K)},(d^{+},d^{-}),-,\cdots ,-,{\gamma }^{(s)},(d^{+},d^{-})\right)=F^{-1}\left(\sum _{k=0}^{s-1},{\gamma }^{(k)},(d^{+},d^{-})\right).\end{array}$$

The willingness to pay to move from security class $s-1$ to s for the last vertex with degrees $(d^{+},d^{-})$ in a network with fraction investing in security $\gamma$ and with expectation ${\gamma }_e$ can be defined as

$$\begin{array}{c}\hfill W_{\gamma ,{\gamma }_e}^{(s)}(d^{+},d^{-}):={\delta }_s(d^{+},d^{-},x_{\ast }^{{\gamma }_e})F^{-1}\left(\sum _{k=0}^{s-1},{\gamma }^{(k)},(d^{+},d^{-})\right).\end{array}$$ 10

For a fixed cost function $C:\mathcal{S}\times {\mathbb{N}}^2\to {\mathbb{R}}^{+}$, in equilibrium, the expected fraction ${\gamma }_e$ and the actual one $\gamma$ must satisfy (for all $d^{+},d^{-}$ with $\mu (d^{+},d^{-})>0$):

$$\begin{array}{c}\hfill C^{(s)}(d^{+},d^{-})-C^{(s-1)}(d^{+},d^{-})={\delta }_s(d^{+},d^{-},x_{\ast }^{{\gamma }_e}))F^{-1}\left(\sum _{k=0}^{s-1},{\gamma }^{(k)},(d^{+},d^{-})\right).\end{array}$$

Hence in equilibrium, when expectations are fulfilled, the possible equilibria are given by the fixed point equations (for all $d^{+},d^{-}$ with $\mu (d^{+},d^{-})>0)$

$$\begin{array}{c}\hfill {\ell }_s(d^{+},d^{-},x_{\ast }^{\gamma })=F^{-1}\left(\sum _{k=0}^{s-1},{\gamma }^{(k)},(d^{+},d^{-})\right),\end{array}$$ 11

where $x_{\ast }^{\gamma }$ is the smallest fixed point in [0, 1] of equation

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma }(x)& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$ 12

Uniqueness of equilibrium

For any $z\in [0,1]$, $(d^{+},d^{-})\in {\mathbb{N}}^2$ and $s\in \mathcal{S}$, following Eq. (11), we define

$$\begin{array}{c}\hfill {\gamma }^{(s)}(d^{+},d^{-},z)=F({\ell }_{s+1}(d^{+},d^{-},z))-F({\ell }_s(d^{+},d^{-},z)),\end{array}$$

and we set

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma (z)}(x)& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }^{(s)}(j,k,z)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$

In the following theorem, we show the uniqueness of the (asymptotic) Nash equilibrium for the security mean-field game under monotone investment conditions.

Theorem 4.3

Consider the network security game in a random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$. Assume that $(C_1)$–$(C_5)$ hold. We have at most one mean-field equilibrium, which is given by the solution of the following equation:

$$\begin{array}{c}\hfill z=\underset{x\in [0,1]}{inf}\{x:{\mathrm{\Phi }}^{\gamma (z)}(x)=x\}.\end{array}$$ 13

The proof of theorem is provided in Appendix A.8.

Algorithms to find the fixed point

In this section, we present an iterative algorithm to compute the mean-field equilibrium in Theorem 4.3 for our baseline model. We assume that the degrees are bounded from above by $\mathrm{\Delta }$. Note that, by Condition 3.4, one can always choose $\mathrm{\Delta }={\mathrm{\Delta }}_{ϵ}$ such that

$$\begin{array}{c}\hfill \sum _{j=0}^{\infty }\sum _{k={\mathrm{\Delta }}_{ϵ}}^{\infty }\sum _{s\in \mathcal{S}}j{\mu }^{(s)}(j,k)+\sum _{j={\mathrm{\Delta }}_{ϵ}}^{\infty }\sum _{k=0}^{\infty }\sum _{s\in \mathcal{S}}j{\mu }^{(s)}(j,k)<ϵ.\end{array}$$

.

Under the assumptions of Theorem 4.3, the following algorithm is guaranteed to converge to the unique fixed point of the mapping ${\mathrm{\Phi }}^{\gamma }$.

Step 0:

For initialization set $t=0$, the error tolerance $ϵ>0$ and ${\gamma }_0^{(s)}(j,k)={\text{11}}_{\{s=0\}}$ for all $0\le j,k\le \mathrm{\Delta }$. Let $x_0$ be the smallest solution $x\in [0,1]$ of the fixed-point iteration algorithm with error tolerance $ϵ$ given by

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_0(x)& :=\sum _{j=0}^{\mathrm{\Delta }}\sum _{k=0}^{\mathrm{\Delta }}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }_0^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta )\hfill \\ \hfill & =\sum _{j=0}^{\mathrm{\Delta }}\sum _{k=0}^{\mathrm{\Delta }}\frac{k\mu (j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(0)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$

This is the fixed-point equilibrium under no security investment.

Step 1:

Set $t\leftarrow t+1$. For all $0\le j,k\le \mathrm{\Delta }$, we set the fraction of agents with degrees (j, k) investing in security $s\in \mathcal{S}$ at step t to

$$\begin{array}{c}\hfill {\gamma }_t^{(s)}(j,k):=F({\ell }_{s+1}(j,k,x_{t-1}))-F({\ell }_s(j,k,x_{t-1})),\end{array}$$

and let $x_t$ be the smallest fixed-point $x\in [0,1]$ of

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_t(x)& :=\sum _{j=0}^{\mathrm{\Delta }}\sum _{k=0}^{\mathrm{\Delta }}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }_t^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$

Step 2:

If $x_{t-1}-x_t<ϵ$, terminate the algorithm. Otherwise, return to Step 1.

Note that due to the monotone investment conditions and the strictly increasing cdf function F, ${\mathrm{\Phi }}_t(x)$ is strictly increasing in x and strictly decreasing in t (see Appendix A.8). Hence, the fixed-point sequence $x_t$ will be decreasing, converging to $x_{\ast }^{(\mathbf{s})}$, which is unique by Theorem 4.3. Since $x_t$ is non-increasing and the algorithm terminates when $x_{t-1}-x_t<ϵ$, the algorithm converges in at most $\lfloor x_0/ϵ\rfloor$ steps.

Examples and applications

In this section, we provide a more detailed analysis of the particular case where there are two security classes, and investment in security provides strong protection. For the case of random regular graphs and core-periphery network models, the social optimum is explicit, and we can theoretically guarantee that the individual decision will result in underinvestment compared to the social optimum.

Equilibrium analysis in the case of strong protection

We assume $\mathcal{S}=\{0,1\}$ and consider the (extreme) case where a vertex invested in security cannot be infected at all, i.e. $p^{(1)}(j,k,\theta )=0$ and $p^{(0)}(j,k,\theta )=p(j,k,\theta )$ for all $j,k,\theta$. Namely, $s_i=0$ if vertex i does not invest in security (i.e. $C_i^{(0)}=0$) and $s_i=1$ if vertex i invests in security. An agent i with degrees $(d^{+},d^{-})$ can obtain a security level 1 for a cost $C_i=C(d^{+},d^{-})$. Let $\gamma (d^{+},d^{-})$ denotes the fraction of vertices (in equilibrium) with degrees $(d^{+},d^{-})$ invested in security. Hence, all vertices investing in security can be removed from the network and contagion goes through all non secured vertices. This is similar to site percolation model by setting ${\pi }_v^{(s)}(d^{+},d^{-})=1-\gamma (d^{+},d^{-})$.

Note that in this setting, the conditions $(C_3)-(C_5)$ are automatically satisfied (see the remark after Lemma 4.2). Hence, the optimal decision for a vertex i with degrees $(d^{+},d^{-})$ and expected vulnerability belief for the network $x_e$ is

$$\begin{array}{c}\hfill {\ell }_i\sum _{\theta }p(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x_e)\ge \theta )>C(d^{+},d^{-})⟺\text{agent}i\text{invests in security}.\end{array}$$

The equilibrium fixed point equations can be simplified to

$$\begin{array}{c}\hfill \gamma (d^{+},d^{-})=1-F\left(\frac{C(d^{+},d^{-})}{{\sum }_{\theta }p(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x_{\ast }^{\gamma })\ge \theta )}\right),\end{array}$$

where $x_{\ast }^{\gamma }$ is the smallest fixed point in [0, 1] of equation

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma }(x)& :=\sum _{j,k}\frac{k\mu (j,k)(1-\gamma (j,k))}{\lambda }\sum _{\theta =0}^{j}p(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$

Equilibrium analysis in the case of random regular graphs

We next consider the previous strong protection setting in the case of random regular graphs, where $d_i^{+}=d_i^{-}=d$ for all vertices $i\in [n]$. Hence, $\mu (d,d)=1,\lambda =d$, and we simplify the notations to

$$\begin{array}{c}\hfill p(\theta )=p^{(0)}(d,d,\theta ),\gamma =\gamma (d,d),C=c(d,d),\end{array}$$

and

$$\begin{array}{c}\hfill \delta (x)={\delta }_1(d,d,x)=\sum _{\theta =0}^{d}p(\theta )\mathbb{P}(\mathsf{Bin}(d,x)\ge \theta ).\end{array}$$

Consequently in this case the optimal decision for agent i and expected global network vulnerability belief $x_e$ is

$$\begin{array}{c}\hfill {\ell }_i>\frac{C}{\delta (x_e)}⟺\text{agent}i\text{invests in security}.\end{array}$$

The equilibrium fixed point equations can be simplified as follows:

$$\begin{array}{c}\hfill 1-\gamma =F\left(\frac{C}{\delta (x_{\ast }^{\gamma })}\right)=F\left(\frac{C}{x_{\ast }^{\gamma }(1-\gamma )}\right)⟹C=x_{\ast }^{\gamma }(1-\gamma )F^{-1}(1-\gamma ),\end{array}$$

where $x_{\ast }^{\gamma }$ is the smallest fixed point in [0, 1] of equation

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma }(x)& :=(1-\gamma )\sum _{\theta =0}^{d}p(\theta )\mathbb{P}(\mathsf{Bin}(d,x)\ge \theta )=F\left(\frac{C}{\delta (x)}\right)\delta (x).\hfill \end{array}$$

In this case, the social utility averaged over all agents converges to

$$\begin{array}{c}\hfill \frac{1}{n}\sum _{i=1}^n{J}_i(\mathit{\ell },\mathbf{s})\stackrel{p}{⟶}{\overline{J}}_{\text{social}}(\gamma )=\delta (x_{\ast }^{\gamma }){\int }_{\gamma }^1{F}^{-1}(1-u)du+C\gamma ,\end{array}$$

where $\delta (x_{\ast }^{\gamma }){\int }_0^{\gamma }{F}^{-1}(1-u)du$ is the (expected) gross cost imposed by the $(1-\gamma )$-fraction of agents not investing in security and $C\gamma$ is the total cost of security.

Proposition 5.1

The social planner will choose a larger fraction $\gamma$ of agents to invest in security than the market equilibrium for any fixed cost C.

The proof of proposition is provided in Appendix A.9.

Figure 1 varies the cost C. As the cost function increases, the network vulnerability fixed point solution increases, while the final fraction of individuals investing in security decreases. The figure also shows the gap between the fraction of individuals who self-protect in equilibrium and the social optimum.

Fig. 1.

Equilibrium solutions for contact process on random regular graphs: Here $d=10,p(0)=\alpha ,p(\theta )=(1-\alpha )\beta {(1-\beta )}^{\theta -1}$ for $\theta =1,\cdots ,d$, with $\alpha =0.05,\beta =0.1$ and L follows an exponential distribution with mean one, i.e. $F(\ell )=1-e^{-\ell }$

Analysis of agents heterogeneity: Core-periphery setup

Financial networks often involve significant asymmetries, such as the presence of a core-periphery structure. In order to provide more insights on the impact of network heterogeneity and how agents influence each other, we consider a special case where there are two types of agents: core agents with high degrees $d_H^{+}=d_H^{-}=d_H$ and periphery agents with low degrees $d_L^{+}=d_L^{-}=d_L<d_H$. We denote by ${\mu }_H$ and ${\mu }_L$ (respectively) the fraction of core agents and periphery agents in the (large) network. We assume that the cost of (strong) self-protection for core agents is $C_H$ and the loss due to being infected follows distribution $F_H$. Similarly, for a periphery agent, the cost is $C_L<C_H$ and the loss follows distribution $F_L$. We also set

$$\begin{array}{c}\hfill p_H(\theta )=p^{(0)}(d_H,d_H,\theta )\text{and}{p}_L(\theta )=p^{(0)}(d_L,d_L,\theta ).\end{array}$$

A core agent i will invest in security (with expected network vulnerability $x_e$) if

$$\begin{array}{c}\hfill {\ell }_i>\frac{C_H}{{\delta }_H(x_e)},{\delta }_H(x)=\sum _{\theta =0}^{d_H}{p}_H(\theta )\mathbb{P}(\mathsf{Bin}(d_H,x)\ge \theta ),\end{array}$$

while a periphery agent i will invest in security in the case

$$\begin{array}{c}\hfill {\ell }_i>\frac{C_L}{{\delta }_L(x_e)},{\delta }_L(x)=\sum _{\theta =0}^{d_L}{p}_L(\theta )\mathbb{P}(\mathsf{Bin}(d_L,x)\ge \theta ).\end{array}$$

Hence, the (asymptotic) fraction of core agents ${\gamma }_H$ and periphery agents ${\gamma }_L$ investing in security satisfies the equilibrium fixed point equations

$$\begin{array}{c}\hfill {\gamma }_H=1-F_H\left(\frac{C_H}{{\delta }_H(x_{\ast }^{\gamma })}\right),{\gamma }_L=1-F_L\left(\frac{C_L}{{\delta }_L(x_{\ast }^{\gamma })}\right),\end{array}$$

where $x_{\ast }^{\gamma }$ is the smallest fixed point in [0, 1] of equation

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma }(x)& :=\frac{d_H{\mu }_H(1-{\gamma }_H){\delta }_H(x)+d_L{\mu }_L(1-{\gamma }_L){\delta }_L(x)}{d_H{\mu }_H+d_L{\mu }_L}.\hfill \end{array}$$

In this case, the average social cost function $\frac{1}{n}{\sum }_{i=1}^n{J}_i(\mathit{\ell },\mathbf{s})$ converges to

$$\begin{array}{c}\hfill {\overline{J}}_{\text{social}}({\gamma }_H,{\gamma }_L)={\delta }_H(x_{\ast }^{\gamma }){\int }_{{\gamma }_H}^1{F}_H^{-1}(1-u)du+{\delta }_H(x_{\ast }^{\gamma }){\int }_{{\gamma }_L}^1{F}_L^{-1}(1-u)du+C_H{\gamma }_H+C_L{\gamma }_L.\end{array}$$

Similarly to Proposition 5.1, we have:

Proposition 5.2

The social planner will choose a larger fraction $\gamma$ of core and periphery agents investing in security than the market equilibrium for any fixed costs $C_H$ and $C_L$.

The proof of proposition is provided in Appendix A.9.

Figure 2 varies the cost for core $C_H$ and periphery $C_L$ agents and plots the fraction of core agents who invest in security against the fraction of peripheral agents who invest. The game’s equilibrium decisions are symmetric for agents of the same type based on the loss function. As the cost for periphery agents increases, we note that their investment decreases and this decreases is most pronounced close to zero. This means, as soon as the cost becomes positive, the fraction of peripheral agents investing quickly decreases. For core agents, the slope at zero is much more pronounced. When the cost for both agents is low, both have large fractions investing in security. When the cost for peripheral is low and for core it is high, we see that peripheral agents invest even more. Essentially, because they anticipate underinvestment from the cores they protect themselves to the highest degree possible. Otherwise, the contagion risk from the highly connected cores is too high. It is the cores who are the free riders, and this is based on the implicit threat of the systemic risk they impose. When the cost is high for the peripherals and low for the cores, a high proportion of cores chooses to invest. Note that peripheral agents do not immediately become free riders even when their costs become high and all cores are invested. When the cost for peripheral agents is low and fixed, the fraction of cores investing in protection is not monotone in cost. This is because of the discontinuity of the fixed point solution as a function of initially self protected cores.

Fig. 2.

Equilibrium solutions for security investment in core-periphery networks: Here ${\mu }_H=0.2,d_H=20,p_H(0)=0.1,p_H(5)=0.9$ and $d_L=4,{\mu }_L=0.8,p_L(0)=0.2,p_L(1)=0.3,p_L(2)=0.5$. Further, we set $F_L(\ell )=F_H(5\ell )=1-e^{-\ell }$; the (potential) infection loss for periphery and core agents follow exponential distributions with mean 1 and 5, respectively

The above core-periphery example clearly shows that, in a general non-symmetric network, the security investment decisions of agents not only create positive externalities but are also strategic substitutes. This means that greater investment by one type of agent typically reduces the willingness for investment of other agents. Similarly, underinvestment by some agents will encourage over-investment by others.

In the case of introducing insurance to the model, as studied in e.g. [48], the combination of security investment and insurance raises the problem of moral hazard, in which agents covered by insurance may take fewer secure measures, or even falsify their loss.

Concluding remarks

In this paper, we propose a general framework for security investment in a directed network of interconnected agents subject to contagion risks and potential loss. We state various limit theorems and resilience conditions depending on network structure and agent security profile. We show how these results are sensitive to edge and vertex percolation. We study the asymptotic Nash equilibrium and socially optimal security investments in a random directed network with fixed degrees. Our results allow us to understand how the structure of networks affects the resilience of the network and impacts the decisions of different network players. We show how an agent’s decision on their security level might depend on the decision of other agents in the network. In particular, we quantify how agents who decide not to invest in security protection would put the other network participants at contagion risks.

When the agents’ costs vary, the impact of the security choice on the overall system is ambiguous. When peripheral agents anticipate investment by cores, they do not completely decrease investment even when their costs increase. In contrast, cores can quickly become free-riders when their costs increase and when they anticipate investment by the periphery agents (for example because those agents have low costs). There are also non-monotonicities in the investment choices of the cores as a function of their costs. Our results point to a strong effect of the cost heterogeneity across classes of agents.

The model can be extended along the following directions.

Consider a strategic attacker which, after observing the degree and security profile of agents, selects an attack decision $\mathit{\alpha }$, with

$$\begin{array}{c}\hfill {\alpha }^{(s)}(d^{+},d^{-})=p^{(s)}(d^{+},d^{-},0),\end{array}$$

that represents the fraction of agents which are attacked and thus act as initial seed of the contagion. His objective is to maximize his utility given by the expected infections minus the cost of the attack decision. The cost of an attack can be captured in a simple way, for example

$$\begin{array}{c}\hfill \zeta (\mathit{\alpha })=\sum _{d^{+},d^{-}}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(d^{+},d^{-}){\zeta }_s({\alpha }^{(s)}(d^{+},d^{-})),\end{array}$$

where ${\zeta }_s$ denotes the cost of initially infecting (attack) the fraction of individual with security $s\in \mathcal{S}$. This can turn into a attacker-defender game, if individuals take into account the possibility of strategic attack.

The model could also be applied to the insurance industry, where security investments can represent fraud detection capabilities. This means that firms with better security have a greater risk-bearing capacity than those with lower security.

Another area of interest is the cyber-insurance market. One can investigate how the presence of competitive insurers can affect security adoption. One problem with the combination of insurance and self-protection is moral hazard, which occurs when the insurance provider cannot observe the protection level of each agent [48]. The reward for a user investing in security depends on the general level of security in the network, leading to the following feedback loop situation [40]: self-protection $⟶$ state of the network $⟶$ pricing of the premium $⟶$ strategy of the agent $⟶$ self-protection. Note that if insurance providers cannot observe the security levels of the agents, there may be agents who choose not to invest in self-protection if the insurance covers part of their losses. Hence, insurance might provide a negative incentive for self-protection.

Appendix A: Proofs

This appendix contains the proofs of all lemmas and theorems in the main text.

We start by describing the dynamics of the contagion on ${\mathcal{G}}_n=\mathcal{G}({\mathbf{d}}_n^{+},{\mathbf{d}}_n^{-})$ as a Markov chain, which is perfectly tailored for asymptotic study. Let

$$\begin{array}{c}\hfill m_n:=\sum _{j,k}\sum _{s\in \mathcal{S}}j{\mu }_n^{(s)}(j,k)=\sum _{j,k}\sum _{s\in \mathcal{S}}k{\mu }_n^{(s)}(j,k)\end{array}$$

denote the number of incoming (outgoing) edges in the graph.

A.1. Markov chain transitions

Consider the configuration model algorithm described in Sect. 3.2. One can observe that the uniform matching which constructs the graph can be obtained sequentially: choose an outgoing half edge according to any rule (random or deterministic) and then choose the corresponding incoming half edge uniformly over the unmatched incoming half edges.

At time 0 the threshold of each agent is distributed randomly. For $\theta \in \mathbb{N}$, let $p_n^{(s)}(j,k,\theta )$ denotes the fraction of agents with in-degree j, out-degree k and security profile s which are given threshold $\theta$. Hence, $p_n^{(s)}(j,k,\theta )\to p^{(s)}(j,k,\theta )$ as $n\to \infty$. At a given time step t agents (vertices) are partitioned into infected $\mathbb{I}(t)$ and uninfected $\mathbb{U}(t)$. We further partition the class of uninfected vertices according to their in-degree, out-degree, security profile and threshold $\mathbb{U}(t)={\bigcup }_{j,k,s,\theta }{\mathbb{U}}^{jks\theta }(t)$.

At time zero, $\mathbb{I}(0)$ contains the initial set of infected agents. At each step we have one interaction only between two agents, yielding at least one infected. Our processes at each step is as follows:

• Choose an outgoing edge of an infected agent i;

• Identify its partner j (i.e. by construction of the random graph in the configuration model, the partner is given by choosing an incoming edge randomly among all available incoming edges);

• Delete both edges. If j is currently uninfected with threshold $\theta$ and it is the $\theta$-th deleted incoming edge from j, then j fires.

Let us define $U_n^{jks\theta ,\ell }(t)$, $0\le \ell \le \theta$, the number of uninfected agents with in-degree j, out-degree k, security s, threshold $\theta$ and $\ell$ incoming edges from the infected agents at time t. We introduce the additional variables of interest:

• $I_n^{jks\theta }(t)$: the number of infected agents with in-degree j, out-degree k, security s and threshold $\theta$ at time t,

• $I_n^{-}(t)$: the number of outgoing edges belonging to infected agents at time t,

• $I_n(t)$: the number of infected agents at time t.

Because at each step we delete one incoming edge and the number of incoming edges at time 0 is $m_n$, the number of existing incoming edges at time t will be $m_n-t$. It is easy to see that the following identities hold:

$$\begin{array}{cc}\hfill I_n^{jks\theta }(t)& ={\mu }_n^{(s)}(j,k)p_n^{(s)}(j,k,\theta )-\sum _{\ell =0}^{\theta -1}{U}_n^{jks\theta ,\ell }(t),\hfill \\ \hfill I_n^{-}(t)& =\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^{j}k{I}_n^{jks\theta }(t)-t,\hfill \\ \hfill I_n(t)& =\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^j{I}_n^{jks\theta }(t).\hfill \end{array}$$

The contagion process will finish at the stopping time $T_n$ which is the first time $t\in \mathbb{N}$ where $I_n^{-}(t)=0$. The final number of infected agents will be $I_n(T_n)$. By definition of our process ${\mathbf{U}}_n(t)={\left\{U_n^{jks\theta ,\ell },(t)\right\}}_{j,k,s,\theta ,\ell }$ represents a Markov chain. We write the transition probabilities of the Markov chain. There are three possibilities for the B, the partner of an outgoing edge of an infected agent A.

1. B is infected, the next state is ${\mathbf{U}}_n(t+1)={\mathbf{U}}_n(t)$.

2. B is uninfected of in-degree j, out-degree k, security s, threshold $\theta$ and this is the $(\ell +1)$-th deleted incoming edge and $\ell +1<\theta$. The probability of this event is $\frac{(j-\ell )U_n^{jks\theta ,\ell }(t)}{m_n-t}$. The changes for the next state will be

   $$\begin{array}{cc}\hfill U_n^{jks\theta ,\ell }(t+1)& =U_n^{jks\theta ,\ell }(t)-1,\hfill \\ \hfill U_n^{jks\theta ,\ell +1}(t+1)& =U_n^{jks\theta ,\ell +1}(t)+1.\hfill \end{array}$$
3. B is uninfected of in-degree j, out-degree k, security s, threshold $\theta$ and this is the $\theta$-th deleted incoming edge. The probability of this event is $\frac{(j-\theta +1)U_n^{jks\theta ,\theta -1}(t)}{m_n-t}$. The changes for the next state will be

   $$\begin{array}{c}\hfill U_n^{jks\theta ,\theta -1}(t+1)=U_n^{jks\theta ,\theta -1}(t)-1.\end{array}$$

Let ${\mathrm{\Delta }}_t$ be the difference operator: ${\mathrm{\Delta }}_{t}X:=X(t+1)-X(t)$. We obtain the following equations for the expectation of ${\mathbf{U}}_n(t+1)$, conditional on ${\mathcal{F}}_{n,t}$ (the pairing generated by time t), by averaging over the possible transitions:

$$\begin{array}{cc}\hfill \mathbb{E}\left[{\mathrm{\Delta }}_t,U_n^{jks\theta ,0},|,{\mathcal{F}}_{n,t}\right]& =-\frac{j{U}_n^{jks\theta ,0}(t)}{m_n-t},\hfill \\ \hfill \mathbb{E}\left[{\mathrm{\Delta }}_t,U_n^{jks\theta ,\ell },|,{\mathcal{F}}_{n,t}\right]& =\frac{(j-\ell +1)U_n^{jks\theta ,\ell -1}(t)}{m_n-t}-\frac{(j-\ell )U_n^{jks\theta ,\ell }(t)}{m_n-t}.\hfill \end{array}$$ 14

The initial condition is

$$\begin{array}{c}\hfill U_n^{jks\theta ,\ell }(0)=n{\mu }_n^{(s)}(j,k)p_n^{(s)}(j,k,\theta )\text{11}(\ell =0)\text{11}(0<\theta \le j).\end{array}$$

Remark that we are interested in the value of $I_n(T_n)$, where $T_n$ is the first time that $I_n(t)=0$. In case $T_n<m_n$, the Markov chain can still be well defined for $t\in [T_n,m_n)$ by the same transition probabilities. However, after $T_n$ it will no longer be related to the contagion process and the value $I_n^{-}(t)$, representing for $t\le T_n$ the number of in-coming half-edges belonging to infected agents, becomes negative. We consider from now on that the above transition probabilities hold for $t<m_n$.

We will show in the next section that the trajectory of these variables throughout the algorithm is a.a.s. (asymptotically almost surely, as $n\to \infty$ ) close to the solution of the deterministic differential equations suggested by these equations.

A.2. Fluid limit of contagion process

Let (DE) be the following system of differential equations:

$$\begin{array}{cc}\hfill {(u^{jks\theta ,0})}^{\prime }(\tau )& =-\frac{j{u}^{jks\theta ,0}(\tau )}{\lambda -\tau },\hfill \\ \hfill {(u^{jks\theta ,\ell })}^{\prime }(\tau )& =\frac{(j-\ell +1)u^{jks\theta ,\ell -1}(\tau )}{\lambda -\tau }-\frac{(j-\ell )u^{jks\theta ,\ell }(\tau )}{\lambda -\tau },(\text{DE}),\hfill \end{array}$$

with initial conditions

$$\begin{array}{cc}\hfill u^{jks\theta ,\ell }(0)& ={\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\text{11}(\ell =0)\text{11}(0<\theta \le j).\hfill \end{array}$$

Lemma A.1

The system of ordinary differential equations (DE) admits the unique solution

$$\begin{array}{c}\hfill \mathbf{u}(\tau ):={\left\{u^{jks\theta ,\ell },(\tau )\right\}}_{j,k,s,0\le \ell <\theta \le j},\end{array}$$

in the interval $0\le \tau <\lambda$, with

$$\begin{array}{c}\hfill u^{jks\theta ,\ell }(\tau ):={\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\left(\genfrac{}{}{0pt}{}{j}{\ell }\right){(1-\frac{\tau }{\lambda })}^{j-\ell }{(\frac{\tau }{\lambda })}^{\ell }.\end{array}$$ 15

Proof

We denote by ${\text{DE}}_K$ the set of differential equations defined above, restricted to $j\wedge k<K$ and by $b_K$ the dimension of the restricted system. (The operator $\wedge$ is defined as $x\wedge y=max(x,y).$) Since the derivatives of the functions ${\left\{u^{jks\theta ,\ell },(\tau )\right\}}_{j\wedge k<K,s,0\le \ell <\theta \le j}$ depend only on $\tau$ and the same functions, by a standard result in the theory of ordinary differential equations, there is an unique solution of ${\text{DE}}_K$ in any domain of the type $(-ϵ,\lambda )\times R$, with R a bounded subdomain of ${\mathbb{R}}^{b_K}$ and $ϵ>0$. The solution of $(\text{DE})$ is defined to be the set of functions solving all the finite systems $\left({\text{DE}}_K,,,K,\ge ,1\right)$. We solve now the system $\text{DE}$. Let $\gamma =\gamma (\tau )=-ln(\lambda -\tau )$. Then $\gamma (0)=-ln(\lambda )$, $\gamma$ is strictly monotone and so is the inverse function $\tau =\tau (\gamma )$. We write the system of differential equations (DE) with respect to $\gamma$:

$$\begin{array}{cc}\hfill {(u^{jks\theta ,0})}^{\prime }(\gamma )& =-j{u}^{jks\theta ,0}(\gamma ),\hfill \\ \hfill {(u^{jks\theta ,\ell })}^{\prime }(\gamma )& =(j-\ell +1)u^{jks\theta ,\ell -1}(\gamma )-(j-\ell )u^{jks\theta ,\ell }(\gamma ).\hfill \end{array}$$

Then we have

$$\begin{array}{c}\hfill \frac{d}{d\gamma }(u^{jks\theta ,\ell +1}{e}^{(j-\ell -1)(\gamma -\gamma (0))})=(j-\ell )u^{jks\theta ,\ell }(\gamma )e^{(j-\ell -1)(\gamma -\gamma (0))},\end{array}$$

and by induction, we find

$$\begin{array}{c}\hfill u^{jks\theta ,\ell }(\gamma )=e^{-(j-\ell )(\gamma -\gamma (0))}\sum _{r=0}^{\ell }\left(\genfrac{}{}{0pt}{}{j-r}{\ell -r}\right){\left(1,-,e^{-(\gamma -\gamma (0))}\right)}^{\ell -r}{u}^{jks\theta ,r}(\gamma (0)).\end{array}$$

By going back to $\tau$, we have

$$\begin{array}{c}\hfill u^{jks\theta ,\ell }(\tau )={(1-\frac{\tau }{\lambda })}^{j-\ell }\sum _{r=0}^{\ell }{u}^{jks\theta ,r}(0)\left(\genfrac{}{}{0pt}{}{j-r}{\ell -r}\right){(\frac{\tau }{\lambda })}^{\ell -r}.\end{array}$$

Then, by using the initial conditions, we find (for $\theta >0$)

$$\begin{array}{c}\hfill u^{jks\theta ,\ell }(\tau )={\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\left(\genfrac{}{}{0pt}{}{j}{\ell }\right){(1-\frac{\tau }{\lambda })}^{j-\ell }{(\frac{\tau }{\lambda })}^{\ell }.\end{array}$$

$\square$

A key idea to prove Theorem 3.6 is to approximate, following [47], the Markov chain by the solution of a system of differential equations in the large network limit. We summarize here the main result of [47].

For a set of variables $Y^1,\dots ,Y^b$ and for $\mathcal{D}\subseteq {\mathbb{R}}^{b+1}$, define the stopping time

$$\begin{array}{c}\hfill T_{\mathcal{D}}=T_{\mathcal{D}}(Y^1,\dots ,Y^b)=inf\{t\ge 1,(t/n;Y^1(t)/n,\dots ,Y^b(t)/n)\notin \mathcal{D}\}.\end{array}$$

Lemma A.2

[45, 47] Given integers $b,n\ge 1$, a bounded domain $\mathcal{D}\subseteq {\mathbb{R}}^{b+1}$, functions ${\left(f_{\ell }\right)}_{1\le \ell \le b}$ with $f_{\ell }:\mathcal{D}\to \mathbb{R}$, and $\sigma$-fields ${\mathcal{F}}_{n,0}\subseteq {\mathcal{F}}_{n,1}\subseteq \cdots$, suppose that the random variables ${\left(Y_n^{\ell },(t)\right)}_{1\le \ell \le b}$ are ${\mathcal{F}}_{n,t}$-measurable for $t\ge 0$. Furthermore, assume that, for all $0\le t<T_{\mathcal{D}}$ and $1\le \ell \le b$, the following conditions hold

• (i)(Boundedness). ${max}_{1\le \ell \le b}|Y_n^{\ell }(t+1)-Y_n^{\ell }(t)|\le \beta ,$
• (ii)(Trend-Lipschitz). $|\mathbb{E}[Y_n^{\ell }(t+1)-Y_n^{\ell }(t)|{\mathcal{F}}_{n,t}]-f_{\ell }(t/n,Y_n^1(t)/n,\dots ,Y_n^{\ell }(t)/n)|\le \delta$, where the function $(f_{\ell })$ is L-Lipschitz-continuous on $\mathcal{D}$,

and that the following condition holds initially:

• (iii)(Initial condition). ${max}_{1\le \ell \le b}|Y_n^{\ell }(0)-{\widehat{y}}^{\ell }n|\le \alpha n,$ for some $\left(0,,,{\widehat{y}}^1,,,\cdots ,,,{\widehat{y}}^b\right)\in \mathcal{D}$.

Then there are $R=R(\mathcal{D},L)\in [1,\infty )$ and $C=C(\mathcal{D})\in (0,\infty )$ such that, whenever $\alpha \ge \delta min\{C,L^{-1}\}+R/n$, with probability at least $1-2b{e}^{-n{\alpha }^2/(8C{\beta }^2)}$ we have

$$\begin{array}{c}\hfill \underset{0\le t\le \sigma n}{max}\underset{1\le \ell \le b}{max}|Y_n^{\ell }(t)-y^{\ell }(t/n)n|<3e^{\mathit{CL}}\alpha n,\end{array}$$

where ${\left(y^{\ell },(t)\right)}_{1\le \ell \le b}$ is the unique solution to the system of differential equations

$$\begin{array}{c}\hfill \frac{d{y}^{\ell }(t)}{\mathit{dt}}=f_{\ell }(t,y^1,\dots ,y^b)\text{with}{y}^{\ell }(0)={\widehat{y}}^{\ell },\text{for}\ell =1,\dots ,b,\end{array}$$

and $\sigma =\sigma ({\widehat{y}}^1,\cdots ,{\widehat{y}}^b)\in [0,C]$ is any choice of $\sigma \ge 0$ with the property that $(t,y^1(t),\dots ,y^b(t))$ has ${\ell }^{\infty }$-distance at least $3e^{\mathit{LC}}\alpha$ from the boundary of $\mathcal{D}$ for all $t\in [0,\sigma )$.

A.3. Proof of Theorem 3.6

We apply Lemma A.2 to the contagion model described in Sect. A.1. Let us define, for $0\le \tau \le \lambda$,

$$\begin{array}{cc}\hfill {\eta }^{jks\theta }(\tau )& :={\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )-\sum _{\ell =0}^{\theta -1}{u}^{jks\theta ,\ell }(\tau ),\hfill \\ \hfill {\eta }^{-}(\tau )& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^{j}k{\eta }^{jks\theta }(\tau )-\tau ,\text{and}\hfill \\ \hfill \eta (\tau )& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^j{\eta }^{jks\theta }(\tau ),\hfill \end{array}$$

with $u^{jks\theta ,\ell }$ given in Lemma A.1. With $\mathsf{Bin}(j,\pi )$ denoting a binomial variable with parameters j and $\pi$, we have

$$\begin{array}{cc}\hfill {\eta }^{jks\theta }(\tau )=& {\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\mathbb{P}\left(\mathsf{Bin},(,j,,,\frac{\tau }{\lambda },),\ge ,\theta \right),\hfill \end{array}$$ 16

$$\begin{array}{cc}\hfill {\eta }^{-}(\tau )=& \sum _{j,k}\sum _{s\in \mathcal{S}}k{\mu }^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}\left(\mathsf{Bin},(,j,,,\frac{\tau }{\lambda },),\ge ,\theta \right)-\tau =\lambda \left({\mathrm{\Phi }}^{(\mathbf{s})},(\frac{\tau }{\lambda }),-,\frac{\tau }{\lambda }\right),\hfill \\ \hfill \end{array}$$ 17

and

$$\begin{array}{c}\hfill \eta (\tau )=\sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}\left(\mathsf{Bin},(,j,,,\frac{\tau }{\lambda },),\ge ,\theta \right)=\psi (\frac{\tau }{\lambda }).\end{array}$$ 18

We now proceed to the proof of Theorem 3.6 whose aim is to approximate the value $I_n(T_n)/n$ as $n\to \infty$. We base the proof on Lemma A.2. We first need to bound the contribution of higher order terms in the infinite sums (17) and (18). Fix $ϵ>0$. By Condition 3.4,

$$\begin{array}{c}\hfill \lambda :=\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}j{\mu }^{(s)}(j,k)=\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}k{\mu }^{(s)}(j,k)<\infty \end{array}$$

Then, there exists an integer $K_{ϵ}$, such that

$$\begin{array}{c}\hfill \sum _{k\ge K_{ϵ}}\sum _{j,s}k{\mu }^{(s)}(j,k)+\sum _{j\ge K_{ϵ}}\sum _{k}j{\mu }^{(s)}(j,k)<ϵ,\end{array}$$

which implies that

$$\begin{array}{c}\hfill \sum _{j\wedge k\ge K_{ϵ}}\sum _{s\in \mathcal{S}}k{\mu }^{(s)}(j,k)<ϵ.\end{array}$$

It follows that for all $0\le \tau \le \lambda$,

$$\begin{array}{c}\hfill \sum _{j\wedge k\ge K_{ϵ}}\sum _{\theta =0}^j\sum _{s\in \mathcal{S}}k{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\mathbb{P}\left(\mathsf{Bin},(,j,,,\frac{\tau }{\lambda },),\ge ,\theta \right)<ϵ.\end{array}$$ 19

The number of vertices with degree (j, k) and security s is $n{\mu }_n^{(s)}(j,k)$. Again, by Condition 3.4,

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}k{\mu }_n^{(s)}(j,k)=\sum _{j,k}j{\mu }_n^{(s)}(j,k)\to \lambda \in (0,\infty ).\end{array}$$

Therefore, for n large enough, ${\sum }_{j\wedge k\ge K_{ϵ}}{\sum }_{s\in \mathcal{S}}k{\mu }_n^{(s)}(j,k)<ϵ,$ and for all $0\le t\le m_n$,

$$\begin{array}{c}\hfill \sum _{j\wedge k\ge K_{ϵ}}\sum _{\theta =0}^j\sum _{s\in \mathcal{S}}k{U}_n^{jks\theta }(t)/n<ϵ.\end{array}$$ 20

For $K\ge 1$, we denote

$$\begin{array}{cc}\hfill {\mathbf{y}}^K& :={\left(u^{jks\theta ,\ell },(\tau )\right)}_{j\wedge k<K,s\in \mathcal{S},0\le \ell <\theta \le j}\text{and}\hfill \\ \hfill Y_n^K& :={\left(U_n^{jks\theta ,\ell },(\tau )\right)}_{j\wedge k<K,s\in \mathcal{S},0\le \ell <\theta \le j},\hfill \end{array}$$

both of dimension b(K), and ${\eta }^{jks\theta }(\tau ),u^{jks\theta ,\ell }(\tau )$ are solutions to a system ($\text{DE}$) of ordinary differential equations. Let

$$\begin{array}{c}\hfill x_{\ast }^{(\mathbf{s})}=min\{x\in [0,1]:{\mathrm{\Phi }}^{(\mathbf{s})}(x)=x\}.\end{array}$$

For the arbitrary constant $ϵ>0$ fixed above, we define the domain ${\mathcal{D}}_{ϵ}$ as

$$\begin{array}{c}\hfill D_{ϵ}=\{\left(\tau ,,,y^{K_{ϵ}}\right)\in {\mathbb{R}}^{b(K_{ϵ})+1}:-ϵ<\tau <\lambda -ϵ,-ϵ<u^{jks\theta ,\ell }<1\}.\end{array}$$ 21

The domain ${\mathcal{D}}_{ϵ}$ is a bounded open set which contains the support of all initial values of the variables. Each variable is bounded by a constant times n ($C_0=1$). By the definition of our process, the Boundedness condition is satisfied with $\beta =1$. The second condition of the theorem is satisfied by some ${\delta }_n=O(1/n)$. Finally the Lipschitz property is also satisfied since $\lambda -\tau$ is bounded away from zero. Then by Lemma A.2 and by convergence of initial conditions, we have:

Lemma A.3

For a sufficiently large constant C, we have

$$\begin{array}{c}\hfill \mathbb{P}(\forall t\le n{\sigma }_H(n),{\mathbf{Y}}_n^{K_{ϵ}}(t)=n{\mathbf{y}}^{K_{ϵ}}(t/n)+O(n^{3/4}))=1-O(b(K_{ϵ})n^{-1/4}exp(-n^{-1/4}))\\ \hfill \end{array}$$ 22

uniformly for all $t\le n{\sigma }_H(n)$ where

$$\begin{array}{c}\hfill {\sigma }_H(n)=sup\{\tau \ge 0,d({\mathbf{y}}^{K_{ϵ}}(\tau ),\partial D_{ϵ})\ge C{n}^{-1/4}\}.\end{array}$$

When the solution reaches the boundary of ${\mathcal{D}}_{ϵ}$, it violates the first constraint, determined by $\widehat{\tau }=\lambda -ϵ$. By convergence of $\frac{m_n}{n}$ to $\lambda$, there is a value $n_0$ such that $\forall n\ge n_0$, $\frac{m_n}{n}>\lambda -ϵ$, which ensures that $\widehat{\tau }n\le m_n$. Using (19) and (20), we have, for $0\le t\le n\widehat{\tau }$ and $n\ge n_0$:

$$\begin{array}{cc}\hfill \left|I_n^{-},(t),/,n,-,{\eta }^{-},(t/n)\right|=& \left|\sum _{j,k},\sum _{s\in \mathcal{S}},\sum _{\theta =0}^j,k,(I_n^{jks\theta }(t)/n-{\eta }^{jks\theta }(t/n))\right|\hfill \\ \hfill \le & \sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^{j}k\left|I_n^{jks\theta },(t),/,n,-,{\eta }^{jks\theta },(t/n)\right|\hfill \\ \hfill \le & \sum _{j\wedge k\le K_{ϵ}}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^{j}k\left|I_n^{jks\theta },(t),/,n,-,{\eta }^{jks\theta },(t/n)\right|+2ϵ,\hfill \end{array}$$ 23

and

$$\begin{array}{cc}\hfill \left|I_n,(t),/,n,-,\eta ,(t/n)\right|\le & \sum _{j\wedge k\le K_{ϵ}}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^j\left|I_n^{jks\theta },(t),/,n,-,{\delta }^{jks\theta },(t/n)\right|+2ϵ.\hfill \end{array}$$ 24

We obtain by Lemma A.3 that

$$\begin{array}{cc}\hfill & \underset{t\le \widehat{\tau }n}{sup}\left|I_n^{-},(t),/,n,-,{\eta }^{-},(t/n)\right|\le 2ϵ+o_p(1),\text{and}\hfill \end{array}$$ 25

$$\begin{array}{cc}\hfill & \underset{t\le \widehat{\tau }n}{sup}\left|I_n,(t),/,n,-,\eta ,(t/n)\right|\le 2ϵ+o_p(1).\hfill \end{array}$$ 26

We now study the stopping time $T_n$ and the size of the contagion $I_n(T_n)$. First assume $I(x)>x$ for all $x\in [0,1)$, i.e., $x_{\ast }^{(\mathbf{s})}=1$. Then we have for all $\tau <\widehat{\tau }$

$$\begin{array}{c}\hfill {\eta }^{-}(\tau )=\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta =0}^{j}k{\eta }^{jks\theta }(\tau )-\tau >0.\end{array}$$

Then we have that $T_n/n=\widehat{\tau }+O(ϵ)+o_p(1)$ and from convergence (26), since $\delta (\widehat{\tau })=1-O(ϵ)$, we obtain by tending $ϵ$ to 0 that

$$\begin{array}{c}\hfill |D_n(T_n)|=n-o_p(n).\end{array}$$

This proves the first part of the theorem.

Now consider the case $x_{\ast }^{(\mathbf{s})}<1$, and furthermore $x_{\ast }^{(\mathbf{s})}$ is a stable fixed point of ${\mathrm{\Phi }}^{(\mathbf{s})}(x)$. Then by definition of $x_{\ast }^{(\mathbf{s})}$ and by using the fact that ${\mathrm{\Phi }}^{(\mathbf{s})}(1)\le 1$, we have ${\mathrm{\Phi }}^{(\mathbf{s})}(x)<x$ for some interval $(x_{\ast }^{(\mathbf{s})},x_{\ast }^{(\mathbf{s})}+\tilde{x})$. Then ${\eta }^{-}(\tau )$ is negative in an interval $({\tau }_{\ast },{\tau }_{\ast }+\tilde{\tau }),$ with ${\tau }_{\ast }=\lambda x_{\ast }^{(\mathbf{s})}$. Let $ϵ$ such that $2ϵ<-{inf}_{\tau \in ({\tau }_{\ast },{\tau }_{\ast }+\tilde{\tau })}{\eta }^{-}(\tau )$ and denote $\widehat{\sigma }$ the first iteration at which it reaches the minimum. Since ${\eta }^{-}(\widehat{\sigma })<-2ϵ$ it follows that with high probability $I^{-}(\widehat{\sigma }n)/n<0$, so $T_n/n={\tau }_{\ast }+O(ϵ)+o_p(1)$. The Theorem 3.6 thus follows by taking the limit $ϵ\to 0$.

A.4. Proof of Corollary 3.10

Let $x_{\ast }^{(\mathbf{s})}(ϵ)$ be the smallest fixed point of ${\mathrm{\Phi }}^{(\mathbf{s})}$ in [0, 1], when a fraction $ϵ$ of all vertices represent fundamental defaults, i.e., this is the smallest solution in [0, 1] to the fixed point equation

$$\begin{array}{c}\hfill x={\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}(x):=ϵ+\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta \ge 1}\frac{k{\mu }^{(s)}(j,k)}{\lambda }{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\end{array}$$

Further, let $\widehat{x}>0$ be the smallest positive solution of

$$\begin{array}{c}\hfill x={\mathrm{\Phi }}_0^{(\mathbf{s})}(x):=\sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta \ge 1}\frac{k{\mu }^{(s)}(j,k)}{\lambda }{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\end{array}$$

We first show that such a solution exists in (0, 1). Note that ${\mathrm{\Phi }}_0^{(\mathbf{s})}(0)=0$, ${\mathrm{\Phi }}_0^{(\mathbf{s})}(1)\le 1$ and ${\mathrm{\Phi }}_0^{(\mathbf{s})}$ is an increasing function of x. Then in order to prove the existence of such a positive $\widehat{x}$ it suffices to show that ${\mathrm{\Phi }}_0^{\prime }(x)>1$ for x close to zero.

Claim A.4

Assume that for some $\mathrm{\Theta }\in \mathbb{N},\gamma \in {\mathbb{R}}^{+}$ and $\beta \in (2,3)$:

$$\begin{array}{c}\hfill \sum _k\sum _{s\in \mathcal{S}}\sum _{\theta =1}^{\mathrm{\Theta }}k{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\ge \gamma j^{-\beta +1}\end{array}$$

for all $j\in \mathbb{N}$. Then there exists $x_0\in (0,1)$ such that we have ${\mathrm{\Phi }}_0^{\prime }(x)>1$ for all $x\in (0,x_0]$.

Proof

We have for $x\in (0,1)$ and $\mathrm{\Delta }\in \mathbb{N}$

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_0^{\prime }(x)=& \sum _{j,k}\sum _{s\in \mathcal{S}}\sum _{\theta \ge 1}\frac{jk{\mu }^{(s)}(j,k)}{\lambda }{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j-1,x)=\theta -1)\hfill \\ \hfill \ge & \frac{1}{\lambda }\sum _{j=\mathrm{\Delta }+1}^{2\mathrm{\Delta }}\sum _k\sum _{\theta =1}^{\mathrm{\Theta }}jk{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j-1,x)=\theta -1).\hfill \end{array}$$

We now set $x_0=\frac{1}{\mathrm{\Delta }}$ so that we have for $x\le x_0$ and $\mathrm{\Delta }$ large enough

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_0^{\prime }(x)\ge & \frac{1}{\lambda }\sum _{j=\mathrm{\Delta }+1}^{2\mathrm{\Delta }}\sum _k\sum _{s\in \mathcal{S}}\sum _{\theta =1}^{\mathrm{\Theta }}jk{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )e^{-(j-1)x}\frac{{((j-1)x)}^{\theta -1}}{(\theta -1)!}\hfill \\ \hfill \ge & \frac{e^{-2}}{\lambda (\mathrm{\Theta }-1)!}\sum _{j=\mathrm{\Delta }+1}^{2\mathrm{\Delta }}j\sum _k\sum _{s\in \mathcal{S}}\sum _{\theta =1}^{\mathrm{\Theta }}k{\mu }^{(s)}(j,k)p^{(s)}(j,k,\theta )\hfill \\ \hfill \ge & \frac{\gamma e^{-2}}{\lambda (\mathrm{\Theta }-1)!}\sum _{j=\mathrm{\Delta }+1}^{2\mathrm{\Delta }}{j}^{-\beta +2}>\frac{\gamma e^{-2}}{\lambda (\mathrm{\Theta }-1)!}{\mathrm{\Delta }}^{-\beta +3}.\hfill \end{array}$$

Hence by choosing $\mathrm{\Delta }$ large enough, e.g.,

$$\begin{array}{c}\hfill \mathrm{\Delta }\ge {\left(\frac{\gamma e^{-2}}{\lambda (\mathrm{\Theta }-1)!}\right)}^{\frac{1}{3-\beta }},\end{array}$$

and setting $x_0=1/\mathrm{\Delta }$ we have $I_0^{\prime }(x)>1$ for all $x\le x_0$ and the claim thus follows. $\square$

Since ${\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}$ is continuous we have ${lim}_{ϵ\to 0^{+}}{x}_{\ast }^{(\mathbf{s})}(ϵ)=\widehat{x}.$ The corollary now follows by Theorem 3.6.

A.5. Proof of Theorem 3.11

Consider the percolated random graph ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ and suppose that Condition 3.4 holds. Our proof of Theorem 3.11 is based on ideas applied in [31] to study the conditions for existence of giant component in the percolated random non directed graph with given vertex degrees; see also [44]. The site percolation model for directed random graphs has also been investigated in [7] in the context of skeleton of contagious links in financial networks.

We fist consider the site percolation model where we remove (delete) each vertex with degrees $(d^{+},d^{-})$ with probability $1-{\pi }_v^{(s)}(d^{+},d^{-})$, independently. This would be equivalent to changing the initial infection probability (for all $d^{+},d^{-}\in \mathbb{N}$ and $s\in \mathcal{S}$) to

$$\begin{array}{c}\hfill {\tilde{p}}^{(s)}(d^{+},d^{-},\theta )={\pi }_v^{(s)}(d^{+},d^{-})p^{(s)}(d^{+},d^{-},\theta )\text{for}\theta =0,1,\cdots ,d^{+},\end{array}$$ 27

and ${\tilde{p}}^{(s)}(d^{+},d^{-},d^{+}+1)=1-{\pi }_v^{(s)}(d^{+},d^{-})$. Note that the removed vertices in site percolation model are the vertices with threshold $d^{+}+1$ in our new contagion process. Hence, they will never get infected and the final infected set would have the same distribution in both contagion models.

We now consider the bond percolation model, where we remove each link with probability $(1-{\pi }_e)$. For all $i\in [n]$, let $D_i^{+}({\pi }_e)\sim \mathsf{Bin}(d_i^{+},{\pi }_e)$ be binomial random variables independent over all vertices. We then split a vertex with degree $(d^{+},d^{-})$ into a single vertex with degree $(D^{+}({\pi }_e),d^{-})$ plus $d^{+}-D^{+}({\pi }_e)$ red (artificial) vertices with in-degree 1 and out-degree 0. We call this the explosion of a vertex. Note that the red vertices may be considered as being artificial as they will later need to be removed. After all explosions, a directed edge is retained when its incoming half-edge is retained, which occurs with probability ${\pi }_e$ as it should be. Let

$$\begin{array}{c}\hfill N^{+}({\pi }_e)=\sum _{i=1}^n(d_i^{+}-D_i^{+}({\pi }_e)),\end{array}$$

so that $N({\pi }_e)=n+N^{+}({\pi }_e)$ denotes the (new) total number of vertices after explosions. Then $[N({\pi }_e)]/[n]$ will be the set of all artificial (red) vertices.

Further, instead of removing the $N^{+}({\pi }_e)$ red vertices with degrees (1,0), we will give threshold 2 to these artificial vertices so that they will never get infected and hence they will not play any role in the contagion process.

Note that as $n\to \infty$, since $m_n/n\to \lambda$,

$$\begin{array}{c}\hfill \frac{N({\pi }_e)}{n}=1+\frac{{\sum }_{i=1}^n(d_i^{+}-D_i^{+}({\pi }_e))}{n}=1+\frac{m_n-\mathsf{Bin}(m_n,{\pi }_e)}{n}\stackrel{p}{⟶}1+\lambda (1-{\pi }_e)\end{array}$$

and then

$$\begin{array}{c}\hfill \frac{N^{+}({\pi }_e)}{N({\pi }_e)}\stackrel{p}{⟶}\frac{\lambda (1-{\pi }_e)}{1+\lambda (1-{\pi }_e)}.\end{array}$$

Consequently, it would be quite easy to show that the set of final infected vertices in the initial contagion process on percolated random graph ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ will have the same distribution as the contagion process in configuration model with $N({\pi }_e)$ vertices where the degrees converges (in probability) to the new distribution

$$\begin{array}{c}\hfill {\widehat{\mu }}^{(s)}(1,0)=\frac{{\mu }^{(s)}(1,0)}{1+\lambda (1-{\pi }_e)}+\frac{\lambda (1-{\pi }_e)}{1+\lambda (1-{\pi }_e)}\text{and}{\widehat{\mu }}^{(s)}(d^{+},d^{-})=\frac{{\mu }^{(s)}(d^{+},d^{-})}{1+\lambda (1-{\pi }_e)}\end{array}$$ 28

for $(d^{+},d^{-})\ne (1,0)$. Further, the new threshold distribution function satisfies

$$\begin{array}{c}\hfill {\widehat{p}}^{(s)}(d^{+},d^{-},\theta )={\pi }_v^{(s)}(d^{+},d^{-})p^{(s)}(d^{+},d^{-},\theta )\text{for}\theta =0,1,\cdots ,d^{+}.\end{array}$$ 29

Note that $\tilde{p}$ (threshold distribution after site percolation model) and $\widehat{p}$ (threshold distribution after site and bond percolation) only doesn’t agree each other for $\theta >d^{+}$; in particular for $d^{+}=1,d^{-}=0$ and $\theta =2$. However, this difference will not play any role on the final infected set in the contagion process and the changes will be due to the new degree distribution.

We conclude by applying Theorem 3.6 to the new degree distribution that

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(\mathbf{s})}|}{N({\pi }_e)}\stackrel{p}{⟶}\sum _{j,k}\sum _{s\in \mathcal{S}}{\widehat{\mu }}^{(s)}(j,k)\sum _{\theta =0}^j{\widehat{p}}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,{\widehat{x}}_{\ast }^{(\mathbf{s})})\ge \theta ),\end{array}$$

and then, using $N({\pi }_e)/n\to 1+\lambda (1-{\pi }_e)$, Eqs. (28), (29) and ${\widehat{x}}_{\ast }^{(\mathbf{s})}=x_{\ast }^{(\mathbf{s})}{\pi }_e$ we have

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(\mathbf{s})}|}{n}\stackrel{p}{⟶}\sum _{j,k}\sum _{s\in \mathcal{S}}{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x_{\ast }^{(\mathbf{s})}{\pi }_e)\ge \theta ).\end{array}$$

Note that $x_{\ast }^{(\mathbf{s})}$ by Theorem 3.6 is the smallest fixed point in [0,1] of

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_{{\pi }_v,{\pi }_e}^{(\mathbf{s})}(x)& :=\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k{\widehat{\mu }}^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{\widehat{p}}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x{\pi }_e)\ge \theta ).\hfill \\ \hfill & =\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x{\pi }_e)\ge \theta ).\hfill \end{array}$$

Similarly, by applying Theorem 3.6, we obtain

$$\begin{array}{c}\hfill \frac{|{\mathcal{I}}_f^{(s)}(d^{+},d^{-})|}{n{\mu }_n^{(s)}(d^{+},d^{-})}\stackrel{p}{⟶}{\pi }_v^{(s)}(d^{+},d^{-})\sum _{\theta =0}^j{p}^{(s)}(d^{+},d^{-},\theta )\mathbb{P}(\mathsf{Bin}(d^{+},x_{\ast }^{(\mathbf{s})}{\pi }_e)\ge \theta ),\end{array}$$

and the theorem follows.

A.6. Proof of Theorems 3.8 and  3.12

We first use Theorem 3.6 to prove that if ${\mathcal{R}}_0^{(\mathbf{s})}<1$,

$$\begin{array}{c}\hfill \sum _{j,k}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)<\infty \end{array}$$

and we initially infect randomly $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$ vertices in [n], then $|{\mathcal{I}}_f^{(\mathbf{s})}|=o_p(n)$. Let us assume that $p^{(s)}(d^{+},d^{-},0)=ϵ$ for all $d^{+},d^{-}\in \mathbb{N}$ and $s\in \mathcal{S}$. We show that as $ϵ\to 0$ then $x_{\ast }^{(s)}(ϵ)\to 0$ which implies the claim. Note that by Theorem 3.6, $x_{\ast }^{(s)}(ϵ)$ is the smallest fixed point of ${\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}$ in [0, 1], where

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}(x)& :=ϵ+\sum _{j=0}^{\infty }\sum _{k=0}^{\infty }\sum _{s\in \mathcal{S}}\frac{k{\mu }^{(s)}(j,k)}{\lambda }\sum _{\theta =1}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta ).\hfill \end{array}$$ 30

Hence ${\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}(0)>0$ and, for ${\sum }_{j,k}{\sum }_{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)<\infty$ and $x\approx 0$,

$$\begin{array}{c}\hfill \frac{d({\mathrm{\Phi }}_{ϵ}^{(\mathbf{s})}(x)-x)}{\mathit{dx}}=\frac{1}{\lambda }\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)p^{(s)}(j,k,1)-1={\mathcal{R}}_0^{(\mathbf{s})}-1<0.\end{array}$$

This implies that the smallest fixed point $x_{\ast }(ϵ)\to 0$ as $ϵ\to 0$.

We now consider the supercritical case when ${\mathcal{R}}_0^{(\mathbf{s})}>1$. From [7, 43], we know if

$$\begin{array}{c}\hfill \sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)>\lambda ,\end{array}$$

there exists a giant strongly connected component in the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$. Let ${\mathcal{S}}_1$ be the largest strongly connected component of the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ on which we apply site percolation by removing all vertices with degrees $(d^{+},d^{-})$ and security level s with probability $1-p^{(s)}(d^{+},d^{-},1)$ (we remove all vertices with threshold greater than or equal to 2).

We denote by ${\mathcal{S}}_1$ the largest strongly connected component of the random graph $\mathcal{G}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$ on which we apply site percolation by removing all vertices with threshold ${\mathrm{\Theta }}_i\ge 2$. Let ${\mathcal{I}}_f^{(\mathbf{s})}(i)$ denotes the final infected set is when we initiate the epidemic from ${\mathcal{I}}_0^{(\mathbf{s})}=\{i\}$ for all $i\in [n]$. Using the coupling argument on the site percolation model used in the last section, we obtain if ${\mathcal{R}}_o^{(\mathbf{s})}>1$, i.e.,

$$\begin{array}{c}\hfill \sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k)p(j,k,1)>\lambda ,\end{array}$$

there exists a giant strongly connected component in the percolated random graph and we have

$$\begin{array}{c}\hfill \underset{n}{lim\; inf}\frac{|{\mathcal{I}}_f^{(\mathbf{s})}(i)|}{n}\ge \underset{n}{lim\; inf}\frac{|{\mathcal{S}}_1|}{n}>0,\end{array}$$

which concludes the proof of Theorem 3.8.

Moreover, using the distribution $\widehat{\mu }$ and $\widehat{p}$ obtained from last section for the percolated random graph ${\mathcal{G}}_{{\pi }_v,{\pi }_e}({\mathbf{d}}^{+},{\mathbf{d}}^{-})$, gives us the new contagion reproduction number

$$\begin{array}{cc}\hfill {\mathcal{R}}_0^{(\mathbf{s})}({\pi }_v,{\pi }_e)& :=\frac{1}{\widehat{\lambda }}\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}jk{\widehat{\mu }}^{(s)}(j,k){\widehat{p}}^{(s)}(j,k,1)\hfill \\ \hfill & =\frac{1}{\lambda {\pi }_e}\sum _{j,k\in \mathbb{N}}\sum _{s\in \mathcal{S}}jk{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)p^{(s)}(j,k,1).\hfill \end{array}$$

Hence, if ${\sum }_{j,k,s}jk{\mu }^{(s)}(j,k)<\infty$ and ${\mathcal{R}}_0^{(\mathbf{s})}({\pi }_v,{\pi }_e)<1$, i.e.,

$$\begin{array}{c}\hfill {\pi }_e<{\pi }_e^{\ast }:=\frac{\lambda }{{\sum }_{j,k,s}jk{\mu }^{(s)}(j,k){\pi }_v^{(s)}(j,k)p^{(s)}(j,k,1)},\end{array}$$

then initially infecting randomly $|{\mathcal{I}}_0^{(\mathbf{s})}|=o(n)$ vertices in [n] implies that $|{\mathcal{I}}_f^{(\mathbf{s})}|=o_p(n)$.

Further, if ${\pi }_e>{\pi }_e^{\ast }$ then ${\mathcal{R}}_0^{(\mathbf{s})}({\pi }_v,{\pi }_e)>1$ and w.h.p. for any $i\in {\tilde{\mathcal{S}}}_1$,

$$\begin{array}{c}\hfill \underset{n}{lim\; inf}\frac{|{\mathcal{I}}_f^{(\mathbf{s})}(i)|}{n}\ge \underset{n}{lim\; inf}\frac{|{\tilde{\mathcal{S}}}_1|}{n}>0,\end{array}$$

which concludes the proof of Theorem 3.12.

A.7. Proof of Lemma 4.2

We show that under the lemma condition, ${\delta }_k(d^{+},d^{-},x)$ will be strictly increasing function of vulnerability parameter x. This is equivalent to

$$\begin{array}{cc}\hfill \frac{\partial {\delta }_k(d^{+},d^{-},x)}{\partial x}& =\sum _{\theta =0}^{d^{+}}{q}_k(d^{+},d^{-},\theta )\frac{\partial \mathbb{P}(\mathsf{Bin}(d^{+},x)=\theta )}{\partial x}\hfill \\ \hfill & =d^{+}\sum _{\theta =0}^{d^{+}}{q}_k(d^{+},d^{-},\theta )\left(\mathbb{P},(\mathsf{Bin}(d^{+}-1,x)=\theta -1),-,\mathbb{P},(\mathsf{Bin}(d^{+}-1,x)=\theta )\right)\hfill \\ \hfill & =d^{+}\sum _{\theta =1}^{d^{+}}\left(q_k,(d^{+},d^{-},\theta ),-,q_k,(d^{+},d^{-},\theta -1)\right)\mathbb{P}(\mathsf{Bin}(d^{+}-1,x)=\theta -1)\hfill \\ \hfill & =d^{+}\sum _{\theta =1}^{d^{+}}\left(p^{(k-1)},(d^{+},d^{-},\theta ),-,p^{(k)},(d^{+},d^{-},\theta )\right)\mathbb{P}(\mathsf{Bin}(d^{+}-1,x)=\theta -1)>0\hfill \end{array}$$

for all $d^{+},d^{-},k=1,2,\cdots ,K$. Consequently, ${\delta }_k(d^{+},d^{-},x)$ is strictly increasing function of x and so

$$\begin{array}{c}\hfill {\ell }_k(d^{+},d^{-},x):=\frac{C^{(k)}(d^{+},d^{-})-C^{(k-1)}(d^{+},d^{-})}{{\delta }_k(d^{+},d^{-},x)}\end{array}$$

is a strictly increasing function of global network vulnerability x, as desired.

A.8. Proof of Theorem 4.3

Define a function $\psi :[0,1]\to [0,1]$ via the following,

$$\begin{array}{c}\hfill \psi (z):=\underset{x\in [0,1]}{inf}\{x:{\mathrm{\Phi }}^{\gamma (z)}(x)=x\}.\end{array}$$

It can be easily seen that ${\mathrm{\Phi }}^{\gamma (z)}(0)>0,{\mathrm{\Phi }}^{\gamma (z)}(1)<1$. In conjugation with the continuity of $x\mapsto {\mathrm{\Phi }}^{\gamma (z)}(x)$, we conclude that for any $z\in [0,1]$, the set $\{x:{\mathrm{\Phi }}^{\gamma (z)}(x)=x\}$ is nonempty and closed, and hence $\psi (z)\in (0,1)$ is well-defined.

Now we show that $z\mapsto \psi (z)$ is decreasing in z, which implies that (13) has at most one solution. Suppose we have $0<z_1<z_2<1$.

It can be easily seen that (note that $F({\ell }_{K+1}(j,k,z))=1$)

$$\begin{array}{cc}\hfill {\mathrm{\Phi }}^{\gamma (z)}(x)& =\sum _{j,k}\sum _{s\in \mathcal{S}}\frac{k\mu (j,k){\gamma }^{(s)}(j,k,z)}{\lambda }\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta )\hfill \\ \hfill & =\sum _{j,k}\frac{k\mu (j,k)}{\lambda }\sum _{s\in \mathcal{S}}\left(F,({\ell }_{s+1}(j,k,z)),-,F,({\ell }_s(j,k,z))\right)\sum _{\theta =0}^j{p}^{(s)}(j,k,\theta )\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta )\hfill \\ \hfill & =\sum _{j,k}\frac{k\mu (j,k)}{\lambda }\sum _{s=1}^{K+1}F({\ell }_s(j,k,z))\sum _{\theta =0}^j\left(p^{(s-1)},(j,k,\theta ),-,p^{(s)},(j,k,\theta )\right)\mathbb{P}(\mathsf{Bin}(j,x)\ge \theta )\hfill \\ \hfill & =\sum _{j,k}\frac{k\mu (j,k)}{\lambda }\sum _{s=1}^{K+1}F({\ell }_s(j,k,z)){\delta }_s(j,k,x).\hfill \end{array}$$

Hence, by monotone investment conditions and since F is strictly increasing cdf function, ${\mathrm{\Phi }}^{\gamma (z)}(x)$ is strictly increasing in x and strictly decreasing function of z. So that we have ${\mathrm{\Phi }}^{\gamma (z_1)}(x)>{\mathrm{\Phi }}^{\gamma (z_2)}(x)$ for any $x\in [0,1]$, and

$$\begin{array}{c}\hfill {\mathrm{\Phi }}^{\gamma (z_2)}(\psi (z_1))-\psi (z_1)<{\mathrm{\Phi }}^{\gamma (z_1)}(\psi (z_1))-\psi (z_1)=0.\end{array}$$

Combining with the fact that ${\mathrm{\Phi }}^{\gamma (z_2)}(0)\ge 0$ and the continuity of $x\mapsto {\mathrm{\Phi }}^{\gamma (z_2)}(x)$, there exists an $x<\psi (z_1)$ such that ${\mathrm{\Phi }}^{\gamma (z_2)}(x)=x$, which implies that $\psi (z_2)<\psi (z_1)$.

A.9. Proof of Propositions 5.1 and 5.2

We will prove Proposition 5.2, which implies Proposition 5.1 by setting ${\mu }_H=1,d_H=d,C_H=C$, and ${\mu }_L=C_L=0$. Note that ${\gamma }_e=({\gamma }_{\mathit{eH}},{\gamma }_{\mathit{eL}})$ is such that

$$\begin{array}{c}\hfill {\delta }_H(x_{\ast }^{{\gamma }_e})F_H^{-1}(1-{\gamma }_{\mathit{eH}})=C_H,{\delta }_L(x_{\ast }^{{\gamma }_e})F_L^{-1}(1-{\gamma }_{\mathit{eL}})=C_L,\end{array}$$

while the social planner chooses ${\gamma }_s=({\gamma }_{\mathit{sH}},{\gamma }_{\mathit{sL}})$ which minimizes ${\overline{C}}_{\text{social}}(\gamma )$:

$$\begin{array}{c}\hfill {\gamma }_s=\underset{{\gamma }_H,{\gamma }_L\in [0,1]}{argmin}\left\{{\delta }_H,(x_{\ast }^{\gamma }),{\int }_{{\gamma }_H}^1,F_H^{-1},(1-u),d,u,+,{\delta }_H,(x_{\ast }^{\gamma }),{\int }_{{\gamma }_L}^1,F_L^{-1},(1-u),d,u,+,C_H,{\gamma }_H,+,C_L,{\gamma }_L\right\}.\end{array}$$

Since $x_{\ast }^{\gamma }$ is decreasing in ${\gamma }_H,{\gamma }_L$ and ${\delta }_H(.),{\delta }_L(.)$ are increasing functions, ${\delta }_H(x_{\ast }^{\gamma }),{\delta }_L(x_{\ast }^{\gamma })$ are decreasing functions of ${\gamma }_H$ and ${\gamma }_L$. Moreover, we have

$$\begin{array}{cc}\hfill \frac{\partial J_{\text{social}}({\gamma }_{\mathit{eH}},{\gamma }_{\mathit{eL}})}{\partial {\gamma }_H}\le & -{\delta }_H(x_{\ast }^{{\gamma }_e})F_H^{-1}(1-{\gamma }_e)+C_H=0,\hfill \\ \hfill \frac{\partial J_{\text{social}}({\gamma }_{\mathit{eL}},{\gamma }_{\mathit{eL}})}{\partial {\gamma }_H}\le & -{\delta }_L(x_{\ast }^{{\gamma }_e})F_L^{-1}(1-{\gamma }_e)+C_L=0,\hfill \end{array}$$

and the proposition follows.